PHP:
# Exploit Title: CUDOMA SQL injection Vulnerability
# Date: 2011-10-08
# Author: ANDREA BOCCHETTI
# Software Link: https://www.cudoma.com/
# Price: 1.500.00 €
Summary: CuDoMa is a Document Management System (DMS)
used to organize, catalog, distribute and manage data and documents.
It is aimed at document management companies
and professional firms that produce large quantities of documents.
Input passed via the idtopic parameter is
not properly sanitised before being used in a SQL query. This can be exploited
to manipulate SQL queries by injecting arbitrary SQL code.
Time Table
10/10/2011 - Vendor notified
10/10/2011 - Vendor response.
11/10/2011 - Vendor provides status update.
11/10/2011 - Vendor provides status update.
11/10/2011 - Public disclosure.
======================================================================
1) Exploit:
# http://[localhost]/news?idtopic=[SQL]
2) Credits
Discovered by Andrea Bocchetti
3) BUG FIX
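The advisory leaves the fix section empty. The following is an added example, not CuDoMa's code and not the vendor's patch: a hypothetical PHP handler for the /news?idtopic= endpoint, shown first in the unsafe pattern the advisory describes (the parameter concatenated into the query text) and then in a hardened form that validates idtopic as an integer and binds it through a prepared statement. The table and column names (news, id, title, body, idtopic) and the SQLite in-memory database used to run it offline are assumptions.

```php
<?php
// Added example (not CuDoMa's code). Table/column names are assumed.
declare(strict_types=1);

// --- Unsafe pattern: untrusted input concatenated into the SQL text ------
// Whatever arrives in $idtopic becomes part of the statement, so SQL
// syntax in the parameter changes the query. Shown for contrast only.
function fetchNewsUnsafe(PDO $db, string $idtopic): array
{
    $sql = "SELECT id, title, body FROM news WHERE idtopic = " . $idtopic;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened: validate the type, then bind the value as a parameter -----
// idtopic is an integer key, so accept only a canonical positive integer
// (no sign, no leading zeros, no whitespace) and reject everything else
// before it gets anywhere near the database.
function parseTopicId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $s = (string) $raw;
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $s)) {
        return null;
    }
    return (int) $s;
}

function fetchNewsSafe(PDO $db, mixed $rawIdTopic): array
{
    $idtopic = parseTopicId($rawIdTopic);
    if ($idtopic === null) {
        // Invalid input never becomes a query. Logging the rejected value
        // gives defenders a detection signal for injection attempts.
        error_log('news: rejected idtopic value ' . var_export($rawIdTopic, true));
        if (!headers_sent()) {
            http_response_code(400);
        }
        return [];
    }
    // Prepared statement: the value travels separately from the SQL text,
    // so it cannot alter the structure of the query.
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE idtopic = :idtopic');
    $stmt->bindValue(':idtopic', $idtopic, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Stand-alone run against a constructed in-memory database ------------
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, idtopic INTEGER, title TEXT, body TEXT)');
$db->exec("INSERT INTO news (idtopic, title, body) VALUES (1, 'Topic 1 item', 'public')");
$db->exec("INSERT INTO news (idtopic, title, body) VALUES (2, 'Topic 2 item', 'internal')");

// Normal request: both paths return the single row for topic 1.
var_dump(count(fetchNewsUnsafe($db, '1')) === 1);
var_dump(count(fetchNewsSafe($db, '1')) === 1);

// Input that is not a canonical integer is rejected before any query runs.
var_dump(fetchNewsSafe($db, '1 OR 1=1') === []);
var_dump(fetchNewsSafe($db, '01') === []);
var_dump(fetchNewsSafe($db, null) === []);
```

In a real MySQL deployment the same fetchNewsSafe function works unchanged with a mysql: DSN; setting PDO::ATTR_EMULATE_PREPARES to false there makes PDO use server-side prepared statements rather than client-side quoting. The integer allow-list in parseTopicId is deliberately strict: for a numeric key there is no legitimate reason to accept spaces, signs or quotes, and rejecting them early both removes the injection surface and produces a log line that can be alerted on.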