WEBONE CMS version 6 suffers from a remote SQL injection vulnerability.
c586691bbe7c33c05e24864f607a414bcaba8a51ae9fa8aebc2051a54ea0e918
========================================================================
| # Title : WEBONE CMS 6 SQL Injection Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on: windows 8.1 Français V.(Pro)
| # Vendor : http://webone.com.tw/
========================================================================
Dork : intext:"Power by WEBONE" inurl:pk=
poc :
http://webone.com.tw/works_con.php?pk=116 (inject her)
http://jolinn-pethouse.com.tw/about.php?lang=zh (inject her)
Greetz :
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * Mojtaba MobhaM
---------------------------------------------------------------------------------------------------------------