Easy Fast Admin suffers from a remote SQL injection vulnerability.
44ba807f64174cdb090827ed7459279438ec5befc347d31f201f72c5a7d33890
Exploit Title: Easy Fast Admin SQL Injection Vulnerability
Author: ANDREA BOCCHETTI
Security Risk : High - SQL Injection
Download Link or Vendor Home: http://www.easyfastadmin.org
Affected versions:
All CMS versions
Credits:
This vulnerability was discovered and researched by Andrea Bocchetti
Impact:
An attacker can execute SQL statements.
Vendor Status:
Vendor was contacted
Timeline:
Vendor Notification - 04/10/2012
Vendor Response - nothing
Fix - no
Public Disclosure - 08/10/2012
Date: 08/10/2012
==================================
The id parameter is injectable
# Exploit : [SQL]
articoli.php?id [sql]
news.php?id [sql]
Demo : http://www.demo.com/news.php?id= sql
Demo : http://www.demo.com/articoli.php?id= sql
Demo : http://www.demo.com/xxx.php?id= sql
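
A log check for the injectable id parameter described above, as an added example that is not part of the original advisory: it flags requests to articoli.php and news.php whose id value is not a plain integer. The numeric-id rule, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory; extend the set for other pages that take id.
WATCHED = {"articoli.php", "news.php"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Oct/2012:10:01:02 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [08/Oct/2012:10:01:09 +0000] "GET /news.php?id=12%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
192.0.2.44 - - [08/Oct/2012:10:01:15 +0000] "GET /articoli.php?id=3%20or%201%3D1 HTTP/1.1" 200 9044 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Oct/2012:10:02:30 +0000] "GET /articoli.php?id=7&id=x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Oct/2012:10:03:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def suspicious_id_requests(log_text):
    """Return (client_ip, script, decoded_id) for each non-numeric id on a watched script."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        if script not in WATCHED:
            continue
        # parse_qs URL-decodes values and keeps repeated parameters,
        # so a second id= appended to a valid one is still inspected.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            # Assumption: legitimate ids are ASCII decimal integers.
            if not (value.isascii() and value.isdigit()):
                hits.append((line.split(" ", 1)[0], script, value))
    return hits

if __name__ == "__main__":
    for ip, script, value in suspicious_id_requests(SAMPLE_LOG):
        print(f"{ip} {script} id={value!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the application while no vendor fix is available.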