Acuity CMS 2.7.1 SQL Injection

2010-06-16T00:00:00
ID PACKETSTORM:90713
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-06-16T00:00:00

Description

                                        
                                            `  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################## 1  
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1  
1 ########################################## 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1  
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: Acuity CMS SQl Vulnerable  
Vendor url:http://www.acuitycms.com  
Version:2.7.1  
Price:100$  
Published: 2010-06-15  
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to  
all ICW members.  
Spl Greetz to:inj3ct0r.com Team  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
Description:-  
  
Acuity CMS is an affordable, very easy to use CMS offering a rich set of  
features despite its low price point. Advanced WYSIWYG editing (using Acuity  
Visual Editor), code cleaning, menu management, integrated search, and more.  
Free online demo available. Code: ASP 3.0 & VBScript  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
  
Vulnerability:  
  
*SQLi Vulnerability  
  
DEMO URL :  
  
http://demo.acuitycms.com/article.asp?page=[sqli]  
  
# 0day n0 m0re #  
# L0rd CrusAd3r #  
  
  
--   
With R3gards,  
L0rd CrusAd3r  
  
  
  
`