CFAGCMS - SQL Injection

Author: cr4wl3r
type: webapps
platform: php
port: 
date_added: 2009-12-18 
date_updated: 2017-01-06 
verified: 1 
codes: CVE-2008-5781;OSVDB-51061 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcfagcms.zip

################################################################################
## Exploit Title: CFAGCMS SQL Injection Exploit                               ##
## Date: 20-12-2009                                                           ##
## Author: cr4wl3r                                                            ##
## Software Link: http://sourceforge.net/project/showfiles.php?group_id=197936##
## Version: N/A                                                               ##
## Tested on: GNU/LINUX                                                       ##
################################################################################


~ Code [right.php]

$title  = $_GET['title'];
$query  = "SELECT * FROM pages WHERE title = '".$title."'";
$result = mysql_query($query);

~ PoC

[cfagcms_path]/right.php?title=[SQL]