LY Website CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4756b632d0ab3f467a35a95e2d3eaf6b58218fd25ab3f10aae2f252eaf91d43a
[+] Title: LY Website CMS SQL Injection vulnerability
[+] Date: 2014-08-15
[+] Author: Iran Security Group
[+] Vendor Homepage: http://www.lywebsite.com/
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable Files: /pro.php
[+] Dork: inurl:/pro.php?CateId=
intext:"Power By LY Website"
### POC: http://site/pro.php?CateId=[sqli]
### Demo: http://www.bypipefittings.com/pro.php?CateId=20%27
http://www.top1rc.com/pro.php?CateId=150%27
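
A defender-side check for the parameter named above, as an added example that is not part of the original advisory: it scans web access logs for /pro.php requests whose CateId is not a plain integer. The combined log format, the sample lines, and the assumption that legitimate CateId values are numeric ids are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2014:10:00:01 +0000] "GET /pro.php?CateId=20 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.11 - - [15/Aug/2014:10:00:05 +0000] "GET /pro.php?CateId=20%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
192.0.2.12 - - [15/Aug/2014:10:00:09 +0000] "GET /index.php?id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.11 - - [15/Aug/2014:10:00:12 +0000] "GET /pro.php?CateId=150%2527 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.13 - - [15/Aug/2014:10:00:20 +0000] "GET /pro.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code from one combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: a legitimate CateId is a short decimal category id.
NUMERIC_ID = re.compile(r"\d{1,10}")


def suspicious_cateid_requests(log_text):
    """Return (ip, status, decoded_value) for /pro.php hits with a non-numeric CateId."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/pro.php"):
            continue
        # parse_qs URL-decodes once, which is what the application would see.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("CateId", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_cateid_requests(SAMPLE_LOG):
        print(f"{ip} status={status} CateId={value!r}")
```

The same integer check applied inside pro.php before the query runs, together with a parameterized statement, is the corresponding fix on the application side.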
### Credits:
[+] Special Thanks: Root SmasheR, Hekt0r, Mr.Moein, Umpire, ALIREZA_PROMIS
Social Engineer, Ali Ahmady, Saeed.Jok3r, M4hdi
Vahid Hacker, BlackErroR, Phantom.S3c
And All members of Iran Security Group
[+] iransec.net