Dimac CMS 1.3 XS – ‘default.asp’ SQL Injection

Exploit Database
21 阅读

作者： KedAns-Dz

日期： 2011-04-11
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/35599/

source: https://www.securityfocus.com/bid/47291/info

Dimac CMS XS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Dimac CMS XS 1.3 is vulnerable; other versions may also be affected. 

The following example URI and data are available:

http://www.example.com/[path]/CMSadmin/default.asp

Username : admin
Password : 1'or'1'='1

last Exploits
Dimac CMS 1.3 XS – ‘default.asp’ SQL Injection的更多信息

Gogs – ‘users’/’repos’ ‘?q’ SQL Injection：
FS Thumbtack Clone – ‘ser’ SQL Injection：
Landshop 0.9.2 – Multiple Web Vulnerabilities：
Fortify Software Security Center (SSC) 17.10/17.20/18.10 – Information Disclosure：
CF Image Hosting Script 1.3 – ‘settings.cdb’ Information Disclosure：
osTicket 1.6 RC5 – Multiple Vulnerabilities：
Joomla! Component StaticXT – SQL Injection：
i-Gallery 3.4 – ‘d’ Cross-Site Scripting：