The exploit demonstrates multiple vulnerabilities in Demium CMS 0.2.1 Beta, including SQL injection for authentication bypass, remote SQL injection for data exfiltration and shell creation, local file inclusion for remote command execution, and file disclosure via path traversal. Functional Perl scripts are provided for LFI and RCE exploitation.
Classification
Working Poc 95%
Attack Type
Rce | Sqli | Auth Bypass | Info Leak
Target:
Demium CMS 0.2.1 Beta
No auth needed
Prerequisites:
Magic Quotes OFF · Network access to target