CiativaWeb SQL Injection

` 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [x] Official Website: http://www.1337day.com 0  
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1  
0 0  
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 1  
0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1  
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
«««:»»» CiativaWeb - SQL Injection Vulnerability «««:»»»  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
./Title Exploit : CiativaWeb - SQL Injection Vulnerability  
./CMS Developer : CiativaWeb - www.criativawebdesign.com  
./Google Dork : inurl:"/index.php?acess=" &id=  
./Author Exploit: [ TheCyberNuxbie ]  
./Time & Date : June, 07 2012. 01:16 PM.  
./Category XPL : [ WebApps/ZeroDay ]  
./Security Risk : High Level.  
./Exploit Tested: Back|Track 5.  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
- Use it at your risk,,,  
This was written for educational purpos,,,  
Author will be not responsible for any damage. //nuxbie  
  
[0x01] SQL injection is a code injection technique that exploits a security  
vulnerability occurring in the database layer of an #application.  
The vulnerability is present when user input is either incorrectly  
filtered for string literal escape characters embedded in SQL #statements  
or user input is not strongly typed and thereby unexpectedly executed.  
  
- Affected items (SQLi):  
http://127.0.0.1/webapps/index.php?acess=xxx&id=[SQLi]  
  
- Sample WebApps Vuln (SQLi):  
http://allikon.com.br/index.php?acess=5&id=7' + [SQL Injection]  
http://tempoextra.com/index.php?acess=5&id=54' + [SQL Injection]  
http://acessocar.com.br/index.php?acess=5&id=6' + [SQL Injection]  
http://aplik.ind.br/site/index.php?acess=6&id=10' + [SQL Injection]  
, And Many More @portofolio_webdevelop...!!!  
  
- Special Thanks:  
...:::' 1337day - Inj3ct0r TEAM ':::...  
BoSs r0073r & All 31337 Member Inj3ct0r TEAM,,,  
, And All Inj3ct0r Fans & All Hacktivist,,,  
  
#############################################################################  
[ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de | SekuritiOnline ]  
[ Codenesia | ID-BackTrack | IndonesianCoder | IndonesianHacker | JatimCrew ]  
[ E-C-H-O | ExploreCrew | Hacker-Newbie | Jasakom | YogyaCarderLink ./etc.. ]  
-----------------------------------------------------------------------------  
[ r0073r, Sid3^effects, r4dc0re, CrosS, SeeMe, indoushka, KnocKout, ZoRLu ]  
[ anT!-Tr0J4n, KedAns-Dz, Kalashinkov3, Angel Injection, cr4wl3r, cyberlog ]  
[ erytronic, team_elite, r4h0x, Hmei7, kaMtiEz, cyberbagor, SeekerUnZero ]  
[ Dencowbie, Alex_Maxs, Afni Ramadhania, And All My Friends @it-underground ]  
-=[ We Are c0d3rs And We Are An Exploit...!!! ]=-   
#############################################################################  
`