CGILua 3.0 – SQL Injection

Exploit Database
10 阅读

作者： aceeeeeeeer .

日期： 2013-12-09
类别：
- webapps
平台：
- cgi
来源：https://www.exploit-db.com/exploits/30156/

# Exploit Title: CGILua SQL Injection
# Google Dork: inurl:/cgilua.exe/sys/
# Vendor Homepage: https://web.tecgraf.puc-rio.br/cgilua/
# Version: < = 3.0
# Date: 09/12/2013
# Exploit Author: aceeeeeeeer
# Contact: http://www.twitter.com/aceeeeeeeer
# Tested on: Windows
####################################################################################
greetz: CrazyDuck - Synchr0N1ze - No\one - Kouback_TR_ - unknow_antisec -
elCorpse
Clandestine - MentorSec - Titio Vamp - LLL - Slayer Owner - masoqfellipe
####################################################################################

Exploit: /cgi/cgilua.exe/sys/start.htm?sid=[ SQLi ]

Demo: http://www.server.com/publique/cgi/cgilua.exe/sys/start.htm?sid=157

last Exploits
CGILua 3.0 – SQL Injection的更多信息

Joomla! Component com_gurujibook – SQL Injection：
Madness Pro 1.14 – SQL Injection：
phpCOIN 1.2.1 – ‘mod’ Local File Inclusion：
Joomla! Component com_include – SQL Injection：
School Event Attendance Monitoring System 1.0 – ‘Item Name’ Stored Cross-Site Scripting：
Atmail WebAdmin and Webmail Control Panel – SQL Root Password Disclosure：
DMXready Polling Booth Manager – SQL Injection：
ManageEngin AMP 4.3.0 – File-path-traversal：