LY Website CMS SQL Injection

2014-08-15T00:00:00
ID PACKETSTORM:127899
Type packetstorm
Reporter Iran Security Group
Modified 2014-08-15T00:00:00

Description

                                        
                                            `[+] Title: LY Website CMS Sql Injection vulnerability  
[+] Date: 2014-08-15  
[+] Author: Iran Security Group  
[+] Vendor Homepage: http://www.lywebsite.com/  
[+] Tested on: Windows7 & Kali Linux  
[+] Vulnerable Files: /pro.php  
[+} Dork : inurl:/pro.php?CateId=  
intext:"Power By LY Website"  
### POC: http://site/pro.php?CateId=[sqli]  
### Demo: http://www.bypipefittings.com/pro.php?CateId=20%27  
http://www.top1rc.com/pro.php?CateId=150%27  
### Credits:  
[+] Special Thanks: Root SmasheR, Hekt0r, Mr.Moein,Umpire, ALIREZA_PROMIS  
Social Engineer, Ali Ahmady, Saeed.Jok3r,M4hdi  
Vahid Hacker, BlackErroR, Phantom.S3c  
And All members of Iran Security Group  
[+] iransec.net  
`