# Exploit Title: Supernet CMS [BlindSQLi]
# Date: 22.03.2012
# Google Dork/s:
# Greetz: Inj3ct0r 1337day Exploit DataBase 1337day.com
# allintext:"Vse pravice pridržane | © 2006 Supernet.si" site:.si
# allintext:"Vse pravice pridržane | © 2007 Supernet.si" site:.si
# (increment till 2012)
# inurl:"php?vid=" site:.si
#
# Vuln2:
# inurl:"admin/login.php?info=DENIED" site:.si
#
#
# Author: Mr.5p0ng3 [mr5p0ng3@tormail.net]
# Software Link: www.supernet.si (manufacturer website)
# Version: All
# Tested on: Linux
# Running on: nginx, Apache 2.2.11...
# About:
"Supernet CMS" is non-free CMS made by independent developer which can be ordered from www.supernet.si.
# Vulnerability 1:
http://someurl/novice.php?vid=[BlindSQLi]
or
http://someurl/vsebina.php?vid=[BlindSQLi]
*file "vsebina.php" has different names in different websites (projects so to say)
# Vulnerability 2:
http://someurl/admin/login.php?info=[BlindSQLi]
# Note:
In some projects Vulnerability2 is producing errors thus it is not completely blind.
# Greetz n shit: #####################################################
Greetz goes to true Slovenian cyber und3rgr0und. From west to east.
From east to west. You know who you are!
...Also... FREE Iserdo!!!!!!!
######################################################################
//Mr.5p0ng3//mr5p0ng3@tormail.net
