# Title : ColdBookmarks 1.22 SQL Injection Vulnerability
# Published : 2010-09-07
# Author : mr_me


# ColdGen - ColdBookmarks v1.22 Remote 0day SQL Injection vulnerability
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)

PoC
http://[target]/[path]/index.cfm?fuseaction=EditBookmark&BookmarkID=[SQLi]&CFID=XXXXXX&CFTOKEN=XXXXXXXX