Pub-Me CMS – Blind SQL Injection

• Exploit Database
• 139 阅读

• 作者： H4f
  日期： 2010-10-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15348/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59

  _______ _____ ___ | | |||.&apos;_| | |__| _| |___|___||__||__|   Pub-Me CMS Blind SQL Injection Vulnerability Name:Pub-Me CMS Vendor:http://www.pub-me.com/ Versions Affected: //unknown, all current affected - devel. homepage & 33 clients web pages Software Link: Not aviable, Demo can be requested by e-mail from vendor Found by:H4f, <Sec was born project, Anonymous submission> Contact: zotrob [at] gmail [dot] com Date:2010-10-25 X. INDEX I.ABOUT THE APPLICATION II. DESCRIPTION III.ANALYSIS IV. SAMPLE CODE V.FIX   I. ABOUT THE APPLICATION ________________________ Pub-Me Content Managment System is designed to make it possible for you to pay full attention to the content without having to bother about technologies.   II. DESCRIPTION _______________ NOT properly sanitised form before being used in a SQL query. III. ANALYSIS _____________ Summary: All Pub-Me based websites are vulnerable, any more/less trained monkey can reach admin panel. ______________________   IV. SAMPLE CODE _______________ Blind SQL Injection Login> &apos; or 0=0 # Pass>&apos; or 0=0 # V. FIX ______ Vedor contacted, no reponse.