prime creative CMS BSQL Injection Vulnerability



EKU-ID: 1780 CVE: OSVDB-ID:
Author: H-SK33PY Published: 2012-03-27 Verified: Verified


   010101010101010101010101010101010101010101010101010101010
   0                                                       0
   1        Iranian Datacoders Security Team 2010          1
   0                                                       0
   1               WWW.DataCoders.Org                      1
   010101010101010101010101010101010101010101010101010101010

############################################################################
# Exploit Title: prime creative CMS BSQL Injection Vulnerability            #
# Date: 03/26/2012                                                         #
# Author: H-SK33PY                                                         #
# Vendor Link: http://www.primecreative.com/                               #
# Version :  N/A                                                           #
# Platform / Tested on: php/linux                                          #
# Dork: inurl:index.php?MenuID=  & intext:developed by prime creative      #
# Category: webapplications                                                #
# Code : [SQL injection]                                                   #
# Our Website: http://www.datacoders.org/                                  #
############################################################################

After using the string (') to find the injection bug on affected sites, run the SQL injection:


example :
http://[PATH]/index.php?MenuID=[BSQL injection]


Live demo :

http://www.snugpak.com/index.php?MenuID=160-133[bsql injection]
http://www.netherleighandrossefieldschool.co.uk/index.php?MenuID=-168[bsql injection]
http://testing.primecreative.com/ocean/index.php?MenuID=288-288-288[bsql injection]
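Why an arithmetic value such as `160-133` in `MenuID` gives the flaw away, and how to fix it, as an added example that is not part of the original advisory or the vendor's code. It assumes a numeric menu key, uses Python with an in-memory SQLite table in place of the CMS's PHP and database, and all table, column and function names are hypothetical:

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the CMS menu table (schema assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO menu VALUES (?, ?)",
                   [(27, "Contact"), (160, "Products")])
    return db


def lookup_concatenated(db, menu_id):
    """Vulnerable pattern: the raw MenuID string becomes part of the SQL text."""
    sql = "SELECT title FROM menu WHERE id = " + menu_id
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, menu_id):
    """Hardened pattern: accept only a short decimal integer, then bind it."""
    if not (menu_id.isascii() and menu_id.isdigit()) or len(menu_id) > 9:
        return None  # caller should answer HTTP 400 and log the raw value
    sql = "SELECT title FROM menu WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(menu_id),))]


if __name__ == "__main__":
    db = make_db()
    for value in ("160", "160-133", "-168"):
        print(repr(value), lookup_concatenated(db, value), lookup_bound(db, value))
```

With concatenation the database evaluates `160-133` and serves row 27, which shows the parameter is parsed as SQL; the hardened lookup rejects the same value before any query runs.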


Good Luck





############################################################################################
#                                                                                          #
# We Are: H-SK33PY | Immortal Boy | D4rkC0d3 | r00t | v30sharp  | ARTA                     #
#                                                                                          #
#                           And All Iranian DataCoders Members                             #
#                                                                                          #
#                            Don't Forget WwW.DataCoders.Org                               #
############################################################################################