CMS ContWEB SQL Injection

CMS ContWEB SQL Injection: Posted Jul 2, 2014; Authored by Felipe Andrian Peixoto; CMS ContWEB suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.; tags | exploit, remote, sql injection; SHA-256 | c9abd3e81a9b22621cdeba959f32fae9d24c436ccf9b1e7c0905401f15456aed; Download | Favorite | View

CMS ContWEB SQL Injection

[+] Sql Injection on CMS ContWEB - ATI

[+] Date: 02/07/2014

[+] CWE Number : CWE-89

[+] Risk: High

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: http://www.ati.pi.gov.br/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Linux

[+] Vulnerable File: album.php

[+} Dork : inurl:album.php?id=  + pi.gov.br

[+] Exploit : http://host/album.php?id=[SQL Injection]
 
[+] PoC:  http://www.setre2.pi.gov.br/album.php?id=69
          http://www.cec.pi.gov.br/album.php?id=45
          http://www.eletrobraspiaui.com/album.php?id=35

[+] Admin Page: http://host/adm/

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CMS ContWEB SQL Injection

CMS ContWEB SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CMS ContWEB SQL Injection

Share This

CMS ContWEB SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems