C4kurdGroup CMS SQL Injection

2012-04-13T00:00:00
ID PACKETSTORM:111847
Type packetstorm
Reporter Net.Edit0r
Modified 2012-04-13T00:00:00

Description

                                        
                                            `# Exploit Title: C4kurdGroup CMS SQL injection Vulnerability  
# Date: 2012-04-14 [GMT +7]  
# Author: BHG Security Center  
# Software Link: http://www.c4kurd.com/  
# Vendor Response(s): They didn't respond to the emails.  
# Dork: intext:"Created by C4kurdGroup "  
# Version : Full Version  
# Tested on: ubuntu 11.04  
# CVE : -  
# Finder(s):  
- Net.Edit0r (Net.edit0r [at] att [dot] net)  
- Tak.fanar (Tak.fanar [at] yahoo [dot] com)  
  
-----------------------------------------------------------------------------------------  
C4kurdGroup CMS SQL injection Vulnerability  
-----------------------------------------------------------------------------------------  
  
Author : BHG Security Center  
Date : 2012-04-14  
Location : Iran  
Web : http://Black-Hg.Org  
Critical Lvl : Medium  
Where : From Remote  
My Group : Black Hat Group #BHG  
---------------------------------------------------------------------------  
  
PoC/Exploit:  
~~~~~~~~~~  
  
------------- ( SQL injection ) ~  
  
~ [PoC]Http://[victim]/path/filename.php?page=[SQLi]  
  
~ Demo : http://www.khushkan.org/dast/khuardn.php?page=[SQLi]  
~ Demo : http://www.bgta-krg.org/babat/hawal.php?page=[SQLi]  
~ Demo : http://www.pdk-21.com/mezhu/archive.php?page=[SQLi]  
~ Demo : http://www.radiogarmyan.net/hawal/archive.php?page=[SQLi]  
~ Demo : http://www.radiogarmyan.net/hawal/archive.php?page=[SQLi]  
  
Important Notes:  
~~~~~~~~~  
  
- Vendor did not respond to the email as well as the phone. As thereis  
not any contact form or email address in  
  
- the website, we have used all the emails which had been found by  
searching in Google such as support, info, and so on.  
  
---------------------------------------------------------------------------  
Greetz 2 : A.Cr0x | 3H34N | 4m!n | ArYaIeIrAN | Mr.XHat | NoL1m1t | G3n3Rall  
  
Spical Th4nks: B3hz4d | Dj.TiniVini | _SENATOR_ | IrIsT And All My Friendz  
  
[!] Persian Gulf 4 Ever  
[!] I Love Iran And All Iranian People  
Greetz To : 1337day.com ~ exploit-db.com [h4ckcity tM] And All Iranian HackerZ  
-------------------------------- [ EOF ] ----------------------------------  
`