CIS Manager CMS - SQL Injection

Author: felipe andrian
type: webapps
platform: asp
port: 
date_added: 2014-04-02 
date_updated: 2014-04-02 
verified: 0 
codes: OSVDB-105364;CVE-2014-2847 
tags: 
aliases:  
screenshot_url:  
application_url: 

[+] Sql Injection on CIS Manager CMS
[+] Date: 01/04/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.construtiva.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: default.asp
[+} Dork : intext:"Powered by CIS Manager"
[+] Exploit : http://host/site/default.asp?TroncoID=[SQL Injection]