# Author: loneferret of Offensive Security
# Product: Jaow CMS
# Version: v2.3
# Vendor Site: http://www.jaow.net
# Software Download: http://www.jaow.net

# Description:
# Small free CMS application, no programming experience needed to install
# and administer.

# Vulnerability:
# Blind-SQL in login form.
# Page: /connexion.php
# Parameter: login

# PoC: x' or (sleep(10)+1) limit 1 -- 

# With a little time, I'm sure someone could come up with a script to get the admin's
# hash out of MySQL.
Jaow CMS v2.3 Blind SQLi Vulnerability
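
The flaw class reported above, modelled as an added example (not Jaow's code, which the advisory does not show): a login lookup built by string concatenation next to the same lookup with bound parameters, both fed the advisory's `login` value. The table layout, the function names, SQLite standing in for MySQL, and the `sleep` stub that records calls instead of delaying are all assumptions.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the CMS user table; SQLite replaces MySQL here.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT)")
    db.execute("INSERT INTO users (login, password) VALUES ('admin', 'constructed-hash')")
    calls = []
    # SQLite has no sleep(); this stub records each call instead of delaying,
    # which shows whether SQL supplied through the parameter was executed.
    db.create_function("sleep", 1, lambda seconds: calls.append(seconds) or 0)
    return db, calls

def login_concat(db, login, password):
    # Assumed vulnerable pattern: the parameter is pasted into the SQL text.
    sql = ("SELECT id FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_bound(db, login, password):
    # Hardened form: placeholders keep the value as data, never as SQL.
    sql = "SELECT id FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone()

POC = "x' or (sleep(10)+1) limit 1 -- "  # login value quoted in the advisory

def compare(login=POC):
    """Run both lookups with a wrong password and report what happened."""
    results = {}
    for name, fn in (("concat", login_concat), ("bound", login_bound)):
        db, calls = make_db()
        row = fn(db, login, "wrong")
        results[name] = {"row": row, "sleep_calls": len(calls)}
    return results

if __name__ == "__main__":
    for name, outcome in compare().items():
        print(name, outcome)
```

In the concatenated form the injected expression runs and a row comes back despite the wrong password; in the bound form the same value is compared as a literal login name and matches nothing.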