[+] Sql Injection on Widget Corp CMS

[+] Date: 14/06/2014

[+] CWE Number : CWE-89

[+] Risk: High

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: http://www.standardwidget.com/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Linux

[+] Vulnerable Files: index.php

[+] Dork : intitle:"Widget Corp" + About Widget Corp + index.php

[+] Admin Page:login.php

[+] Exploit : http://host/patch/index.php?subj=[SQL Injection]