Scomm CMS (Сергей Комаров) SQL Injection

2016.02.11

Credit: Jahesh Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:"Автор сайта - Сергей Комаров, scomm@mail.ru" & inurl:php?ds=

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|--------------------------------------------------------------|
|[+] Exploit Title: Scomm Cms SQL Injection
|[+]
|[+] Exploit Author: Jahesh Security Team
|[+] Author Website: http://Jahesh-Security.Org/cc
|[+]
|[+] Vendor Homepage: http://scomm.ru
|[+]
|[+] Google Dork: intext:"Автор сайта - Сергей Комаров, scomm@mail.ru" & inurl:php?ds=
|[+]
|[+] Date: 11 Feb 2016
|[+]
|--------------------------------------------------------------|
|[+] Exploit:index.php?ds=X
|[+]
|[+] Examples:
|[+]
|[+] http://altex-group.ru/index.php?ds=1
|[+]
|[+] http://smartsnow.ru/laws/index.php?ds=974714
|[+]
|[+] http://volgolaws.ru/index.php?ds=1448590
|[+]
|[+] http://k-n-o.ru/index.php?ds=2286283

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : Mr.Curse

|[+]Thanks: MR.Curse *** T!nk3r *** 2Dadash *** WereWolf98 *** Shayan 72
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|

References:

http://Jahesh-Security.Org/cc

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Scomm CMS (Сергей Комаров) SQL Injection

Dork: intext:"Автор сайта - Сергей Комаров, scomm@mail.ru" & inurl:php?ds=

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.