Surge Media CMS SQL Injection

2011-08-03T00:00:00
ID PACKETSTORM:103682
Type packetstorm
Reporter Netrondoank
Modified 2011-08-03T00:00:00

Description

                                        
                                            `.__.__ .__ __   
|__| | _____ __ __| |__ _____ ____ | | __ ___________   
| | | / \| | \ | \\__ \ _/ ___\| |/ // __ \_ __ \  
| | |_| Y Y \ | / Y \/ __ \\ \___| <\ ___/| | \/  
|__|____/__|_| /____/|___| (____ /\___ >__|_ \\___ >__|   
\/ \/ \/ \/ \/ \/   
.org  
################################ Archieve an Resource About Hacking ###############  
#################### ####################  
#  
# Exploit Title: Surgemedia Cms Sql Injection Vulnerability  
# Author: Netrondoank Aka netron  
# home Page: http://www.ilmuhacker.org  
# Forum : http://www.indonesiansecurity.info and http://indotek.or.id  
# Vendor or Software Link: http://www.surgemedia.com.au/work/design-projects.aspx  
# Version: N/A  
# Category:: webapps  
# Google dork: "Powered by ADICD"   
# Tested on: Linux Back Track 5  
  
####################################################################  
# Proof Of Concept [POC]  
  
http://site/project-detail.php?id=[Sqli]  
http://site/shop.php?cid=[Sqli]  
http://site/product-detail.php?id=[Sqli]  
http://site/news_details.php?news_id=[Sqli]  
http://site/residential-building-projects.php?cid=[Sqli]  
  
#########################################################################################  
#Greetz To:  
Allah swt .free dom For Palestine .Indonesiansecurity.info, 1337day.com  
packetstormsecurity.org, Exploit-id.com ,securityreason.com ,securityfocus.com  
##########################################################################################  
############################### Archieve an Resource About Hacking--Ilmuhackerdotorg ####  
`