HZChoice CMS SQL Injection

2012-10-22T00:00:00
ID PACKETSTORM:117600
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2012-10-22T00:00:00

Description

                                        
                                            `=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- In The Name Of God -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
--------------------------------------------------------------------------------  
@ HZChoice CMS SQL Vulnerability  
--------------------------------------------------------------------------------  
--------------------------------------------------------------------------------  
# Name:HZChoice CMS SQL Vulnerability  
# Vendor: http://hzchoice.com/  
# Date: 2012-10-22  
# Author: Ashiyane Digital Security Team  
# Thanks to: 1337day.com,cxsecurity.com,packetstormsecurity.org  
# Home: www.ashiyane.org/forums/  
--------------------------------------------------------------------------------  
--------------------------------------------------------------------------------  
[+] Dork: intext:Designed by 263网建部 inurl:show.asp  
--------------------------------------------------------------------------------  
--------------------------------------------------------------------------------  
[+] Vulnerability ~>  
  
[+] Vulnerability: http://127.0.0.1/show.asp?id=[SQL]  
  
[+] Demo(s) :   
  
[+] http://www.chinadayangchem.com/show.asp?id=974'  
  
[+] http://www.china-ex.com/dqfb/show.asp?qkid=411'  
  
[+] http://home.slhs.tp.edu.tw/talking/bbs4/show.asp?repno=6976&page=110  
--------------------------------------------------------------------------------  
  
[+] Admin Page(s) : http://127.0.0.1/manage/login.asp  
  
===========================================================================  
@ Gr33tz:  
@ Ashiyane Members :  
@ Behrooz_Ice,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04  
@ Taghva,M3QD4D,PrinceOfHacking,Hidden-Hunter,Root3r,elvator,unique2world  
@ Gladiator,Encoder,mmilad200,n3me3iz,Classic,r3d.z0n3,injector,zend,milad-bushehr,HidDeEn  
  
And All Ashiyane Bug ResearcherS  
===========================================================================  
  
ASHIYANE DIGITAL SECURITY TEAM  
  
Persian Gulf F0r Ever  
  
WE LOVE IRAN  
  
<<./By MojiRider >>  
`