prime creative CMS Blind SQL Injection Vulnerability

2012-03-26T00:00:00
ID 1337DAY-ID-17840
Type zdt
Reporter H-SK33PY
Modified 2012-03-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
   010101010101010101010101010101010101010101010101010101010
   0                                                       0
   1        Iranian Datacoders Security Team 2010          1
   0                                                       0
   1               WWW.DataCoders.Org                      1
   010101010101010101010101010101010101010101010101010101010

############################################################################
# Exploit Title: prime creative CMS BSQL Injection Vulnerability           #
# Date: 03/26/2012                                                         #
# Author: H-SK33PY                                                         #
# Vendor Link: http://www.primecreative.com/                               #
# Version :  N/A                                                           #
# Platform / Tested on: php/linux                                          #
# Dork: inurl:index.php?MenuID=  & intext:developed by prime creative      #
# Category: webapplications                                                #
# Code : [SQL injection]                                                   #
# Our Website: http://www.datacoders.org/                                  #
############################################################################

After using a single quote (') to find the injection bug on sites, run the SQL injection:


example : 
http://[PATH]/index.php?MenuID=[BSQL injection]


Live demo : 

http://www.snugpak.com/index.php?MenuID=160-133[bsql injection]
http://www.netherleighandrossefieldschool.co.uk/index.php?MenuID=-168[bsql injection]
http://testing.primecreative.com/ocean/index.php?MenuID=288-288-288[bsql injection]
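
A detection-side counterpart to the MenuID parameter described above, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for MenuID values that are not plain integers. The log format, the sample lines and the rule that legitimate MenuID values are decimal integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate MenuID values are plain decimal integers.
VALID_MENU_ID = re.compile(r"[0-9]{1,10}")
# Assumption: request line as written by common/combined access log formats.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (client addresses from a documentation range).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Mar/2012:10:00:01 +0000] "GET /index.php?MenuID=160 HTTP/1.1" 200 5120
192.0.2.44 - - [26/Mar/2012:10:00:07 +0000] "GET /index.php?MenuID=160%27 HTTP/1.1" 200 312
192.0.2.44 - - [26/Mar/2012:10:00:09 +0000] "GET /index.php?MenuID=160-133 HTTP/1.1" 200 5120
192.0.2.44 - - [26/Mar/2012:10:00:12 +0000] "GET /index.php?MenuID=288-288-288 HTTP/1.1" 200 5098
192.0.2.10 - - [26/Mar/2012:10:01:30 +0000] "GET /index.php?MenuID=12&MenuID=-168 HTTP/1.1" 200 5120
192.0.2.10 - - [26/Mar/2012:10:02:00 +0000] "GET /about.php?page=2 HTTP/1.1" 200 900
"""


def suspicious_menu_ids(line):
    """Return the decoded MenuID values in one log line that are not plain integers."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes values and keeps repeated and blank parameters,
    # so an encoded quote (%27) or a second MenuID cannot hide from the check.
    values = parse_qs(query, keep_blank_values=True).get("MenuID", [])
    return [v for v in values if not VALID_MENU_ID.fullmatch(v)]


def scan(log_text):
    """Map client address -> rejected MenuID values, in the order they were seen."""
    hits = {}
    for line in log_text.splitlines():
        bad = suspicious_menu_ids(line)
        if bad:
            client = line.split(" ", 1)[0]
            hits.setdefault(client, []).extend(bad)
    return hits


if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG).items():
        print(client, values)
```

The same allow-list check belongs in the application before MenuID reaches a query, alongside parameterized queries.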


Good Luck 




	
############################################################################################
#                                                                                          #
# We Are: H-SK33PY | Immortal Boy | D4rkC0d3 | r00t | v30sharp  | ARTA                     #
#                                                                                          #
#                            And All Iranian DataCoders Members                            #
#                                                                                          #
#                             Don't Forget WwW.DataCoders.Org                              #
############################################################################################



#  0day.today [2018-02-19]  #