Softplace CMS SQL Injection

2012.01.24

Credit: ITTIHACK

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:\"Powered by Softplace\"

Softplace CMS Remote SQL Injection Vulnerability
Software : Softplace
Date : 1/23/2012
Vendor : http://softplace.it ( Commercial )
Dork : intext:"Powered by Softplace"
Author : ITTIHACK
Home : http://ittihack.com
Vulnerable File : index.php | index_int.php
Exploit : http://site/path/index.php?pag=[SQLi]
http://site/path/index_int.php?pag=[SQLi]
Demo Sites : http://www.anlaids.org/web/index.php?pag=8
http://www.lavoro.provincia.vercelli.it/portaleweb/vc_portale/index_int.php?pag=136
http://www.rnre.eu/rnre/index.php?pag=19
Solution : The Vendor was contacted to fix this vulnerability as soon as possible. Keep your software up-to-date
#Greatz to: ___ ____ ____
#````______/```\__//```\__/____\
#``_/```\_/``:```````````//____\
#`/|``````:``:``..``````/ Reinie \
#|`|`````::`````::``````\````````/
#|`|`````:|`````||`````\`\______/
#|`|`````||`````||``````|\``/``|
#`\|`````||`````||``````|```/`|`\
#``|`````||`````||``````|``/`/_\`\
#``|`___`||`___`||``````|`/``/````\
#```\_-_/``\_-_/`|`____`|/__/``````\
#````````````````_\_--_/````\`````/
#```````````````/____```````````/
#``````````````/`````\`````````/
#``````````````\______\_______/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Softplace CMS SQL Injection

Dork: intext:\"Powered by Softplace\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.