BackZtage CMS Shell Upload / SQL Injection

2012-02-10T00:00:00
ID PACKETSTORM:109636
Type packetstorm
Reporter ITTIHACK
Modified 2012-02-10T00:00:00

Description

                                        
`BackZtage CMS (SQLi / File Upload) Vulnerabilities
  
Software : BackZtage   
Date : 2/9/2012   
Vendor : http://www.backztagemedia.com   
Software : http://www.backztagemedia.com/services.php   
Dork : "Powered by BackZtage"   
Author : ITTIHACK   
Home : http://ittihack.com   
  
  
SQL Injection:  
Exploit : http://target//search.php?id=[SQLi]  
http://target//product.php?id=[SQLi]  
http://target//photo.php?id=[SQLi]  
  
File Upload:   
Exploit : http://target/admin/uploadlogin.php   
  
  
Demo Sites: http://www.dpproductions.sg/photo.php?id=3  
http://www.ajmason.com/project-gallery.php?id=25  
http://backztage.com.hk/subcategory.php?cid=93  
  
  
May Allah have mercy on the martyrs of Syria
`
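
Added example (not part of the original advisory or of BackZtage itself): a log triage script that checks web access logs for requests matching the endpoints listed above. It assumes Combined Log Format and that legitimate `id` values are plain integers, as in the advisory's own URLs; the sample log lines, the IP addresses and the `admin_ips` allow list are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Endpoints named in the advisory.
SQLI_PAGES = {"search.php", "product.php", "photo.php"}
UPLOAD_PAGE = "/admin/uploadlogin.php"
# Client IP, request target and status from a Combined Log Format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line, admin_ips=frozenset()):
    """Return a finding string for one access-log line, or None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    # Split by hand: urlsplit() would read a leading '//' as a host name.
    raw_path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", raw_path)  # the advisory's URLs contain '//'
    if path.lower() == UPLOAD_PAGE and client not in admin_ips:
        return f"upload-page access from {client} (status {status})"
    if path.rsplit("/", 1)[-1].lower() in SQLI_PAGES:
        # parse_qs URL-decodes values; blank values are kept and flagged too.
        for value in parse_qs(query, keep_blank_values=True).get("id", []):
            if not re.fullmatch(r"\d{1,10}", value):
                return f"non-numeric id on {path} from {client}: {value!r}"
    return None

def scan(lines, admin_ips=frozenset()):
    """Classify every line and return only the findings."""
    return [f for f in (classify(l, admin_ips) for l in lines) if f]

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2012:10:00:01 +0000] "GET /photo.php?id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Feb/2012:10:00:05 +0000] "GET //photo.php?id=3%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [10/Feb/2012:10:01:00 +0000] "GET /admin/uploadlogin.php HTTP/1.1" 200 900',
    '192.0.2.10 - - [10/Feb/2012:10:02:00 +0000] "GET /admin/uploadlogin.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, admin_ips={"192.0.2.10"}):
        print(finding)
```

A hit on the `id` check is a reason to review the request and the page's query handling, not proof of compromise; the durable fix is parameterized queries plus authentication on the upload page.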