CVE-2007-6544

This advisory details multiple vulnerabilities in RunCMS 1.6, including SQL injection, XSS, PHP injection, and predictable session IDs. It provides specific endpoints and payloads for exploitation but does not include functional exploit code.

This Perl script exploits a blind SQL injection vulnerability in RunCMS 1.6 to extract the admin password hash. It uses binary search and ASCII value comparison to evade IDS detection.

This Perl script exploits a blind SQL injection vulnerability in RunCMS 1.6 to extract admin session cookies by brute-forcing character values via ASCII comparisons. It targets multiple modules and constructs malicious queries to leak session data.