Geomi CMS 1.2/3.0 – SQL Injection - 体验盒子

作者： ThunDEr HeaD

日期： 2011-02-11

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/16155/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

#########################################################################

[+] Exploit Title : Geomi CMS by Tridan IT [ Sql Injection Vunerability ]

[~] Author : ThunDEr HeaD

[~] Contact : thunderhead10@gmail.com

[~] Date : 11-01-2011

[~] HomePage : www.indishell.in

[~] Version : 1.2 , 3.0

[~] Tested on : PBL Technology

[~] Vulnerability Style : PHPCMS [ Sql Injection Vunerability ]

[~] Vendor: http://we.are.tridan.it/

#########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, Th3 RDX, G00g!3 W@rr!0r, Mahi ,

eXeSoul, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

......\m/ INDIAN CYBER ARMY \m/......

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Vulnerability:

*SQL injection Vulnerability*

[#] http://server/cms.php?categoryid=10

[#] http://server/cms.php?categoryid=[SQLi]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

=> PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam

=> c0d3 for motherland, h4ck for motherland

Enj0y! :D

[#] DOne now time to rock \m/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Bug discovered : 11 feb 2011

finish(0);

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#