[webapps / 0day] - Online Studio (CMS) Zoo2 SQL Injection Vu
Posted on 07 December 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Online Studio (CMS) Zoo2 SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Online Studio (CMS) Zoo2 SQL Injection Vulnerability by cyberlog in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>==================================================== Online Studio (CMS) Zoo2 SQL Injection Vulnerability ==================================================== # Vendor : http://www.zoo2.com.au/ # prices : Not Yet:P # Discovered by : cyberlog # Site : Sekuritionline.net # Channel : #SekuritiOnline & #Bajingan [ Now Just My Bot ] # Dork : "inurl:"m4h0 w4s h3r3" # Exploit : [site]/news.html?news_id= [SQL Injection] [site]/Whats_New.html?news_id= [SQL Injection] [site]/eventdisplay.php?id= [sql injection ] # Backd0r can Upload from admin panel :( [ ext.php allowed to panel admin ] # Thanks : GOD,r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz, jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,pencopet_cinta, pomponk, SarifJedul,wiro_gendenk,Letjen,ridho_bugs,Ryan_Kabrutz,aurel666,Inof,dbanie, GuA_NinOx, ant0_h@ck, marlon_inside # special to Mama Sri Rahayu, Member& Staff Sekuritonline,Inj3ct0r, H4ckb0x,JatimCr3w,ManadoCoding, Bajingan Crew, # C0li a.k.a antisecurity [ pinjem script perl-na ] # Hiroyuki Doni thanks to create New design SO T-shirt P # Inj3ct0r Now Brothers with Sekuritionline # inj3ct0r change to http://1337db.com/ # I'm n't hacker just lik3 security system :) # just for education :) #################################################### # Demo offline: # http://localhost/news.html?news_id= [SQL Injection] #################################################### # <a href='http://1337db.com/'>1337db.com</a> [2010-12-07]</pre></body></html>
