CafeEngine 2.3 - SQL Injection

EDB-ID:

13769

CVE:

N/A

EDB Verified:

Author:

Sid3^effects

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-06-08

Vulnerable App: 
==========================================================
             CafeEngine CMS V2.3 SQLI Vulnerability  
==========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : CafeEngine CMS V2.3 SQLI Vulnerability  
Date : june, 8 2010
Vendor url :http://www.cafeengine.com/
Price: $115
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),MaYur,LiquidWorm,gunslinger_
greetz to :All ICW members.

###############################################################################################################
Description:
CafeEngine is a professional CMS for cafe or restaurant web site. It's not a set of scripts only, but allow to provide new level of service to restaurant visitors and administration.

CafeEngine Features

    * Shopping cart developed especially for restaurant sites
    * Fully customizeable
    * Photo gallery
    * Free installation
    * Google map integration
    * 24/7 email support
    * PayPal integration
    * Unlimited number of static site pages
    * Advanced site navigation
    * SEO - friendly
    * News,Events,Reviews etc...

###############################################################################################################
Xploit: SQLI

DEMO :http://server/restaurant-site-cms-script-demo/dish.php?id=[sqli]
 
###############################################################################################################
#Sid#^effects
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services