Site! Professional Edition 2.1 CMS SQL Injection Vulnerability

2010-07-22T00:00:00
ID 1337DAY-ID-13430
Type zdt
Reporter Darkzzzz
Modified 2010-07-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==============================================================
Site! Professional Edition 2.1 CMS SQL Injection Vulnerability
==============================================================

Author : Darkzzzz , poni
Email : [email protected]
Date : 22 July 2010
web : http://forum.xcode.or.id

[0x00] Informations :
# Discovered : Darkzzzz , poni
# Homepage : http://forum.xcode.or.id
# Product : CMS Site! Professional Edition 2.1
# Vendor Site : http://www.assolo.net
# Vulnerability : SQL Injection
# Dork : inurl:/index.php?node= &lng=

[0x01] SQL Injections :
# POC : http://www.site.com/index.php?node=xxx&lng=x[SQLi]
# Demo : http://www.collinadoro.com/index.php?node=51&lng=1[SQLi]


[0x02] Thanks & Greetz :
# inj3ct0r.com, All XCode-Yogyafree-Yogya Family Code staff,
# serverisdown.org, ssteam.ws, codenesia.com,
# hacker-newbie.org, YogyaCarderlink.web.id, devilzc0de.org,
# indonesianhacker.or.id



#  0day.today [2018-04-12]  #