NEW CONTENT RANDOM THREAD Unread Post

Exploit Raw Marketing CMS - SQL Injection Vulnerability

by Local Host - 03-17-2016 at 08:52 AM
Local Host
Junior Member
Posts:
3
Joined:
Mar 2016
Likes:
0
Reputation:
0
2 Year Of Member
#1
OP
Posted: 03-17-2016, 08:52 AM
Salam Kenal,
Member Baru,

Exploit ini cuma sekedar pembelajaran
Code:
# Exploit Title: Raw Marketing CMS - SQL Injection Vulnerability
# Date: 24/01/2015
# Exploit Author: Local Host
# Author Homepage: pasuruanblackhat.org
# Version: All Version ( Under 2015)
# Tested on: Ubuntu 14.04

Overview :

       The CMS is vuln on all .php?id= , so you only search .php?id= in the website. you know if the website is use Raw Marketing CMS only give /cms/ in the url . and you can see login admin Raw Marketing CMS, usually the CMS in AU, because the vendor of this CMS is australian people. The SQLI error is not show warning, just show not perfectly page. Iam reported to vendor but not responsive, It's not joke

PoC :

       http://www.website.com.au -> http://www.website.com.au/product_detail.php?id=1
       sqlmap -u http://www.website.com.au/product_detail.php?id=1 --dbs

Greet :
       
       Pasuruan Blackhat & Pasuruan Cyber Crew
       phiA , Alliend , 1pan , h3ll0s , 1nspiron , p3707 , Dark Wireless , h4715 , Sychul



Atau bisa lihat disini 0day.today
Message
Reply
Find Posts
Register an account or login to reply
Create an account
Create a free account today and start posting right away. It only takes a few seconds.
Login
Log into an existing account.
1 Guest(s)
Navigation
Latest News
Bugtracker
Team
Mark forum as read
Community
Banlist
Usergroups
Memberlist
Statistics
Help/Account
Help Documents and Rules
Contact
Login
Create an account
About Us
Forum Backbox Indonesia adalah salah satu media pembelajaran bagi siapa saja yang ingin belajar mengenai dunia Open Source khususnya untuk memperdalam Backbox Linux.
Posts:
971
Members:
1322
Threads:
199
Resources:
0
New :
spongebob