Dede CMS All Versions SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Dede CMS All Versions SQL Injection Vulnerability
# Published : 2011-12-30
# Author :
# Previous Title : Muster Render Farm Management System Arbitrary File Download
# Next Title : Open Conference/Journal/Harvester Systems <= 2.3.X Multiple RCE Vulnerabilities

# Dede Cms All Versions Sql Vulnerability Exploit
# </ No Priv8 , Everything is Public >
# Date: 30/12/2011 - 13:00
# Author: [ CWH ] | Finded By : Nafsh
# We Are : Mr.M4st3r , Nafsh , Skote_Vahshat , HijaX
# Support: Cyberwh.org
# Mail: Nafsh@live.com
# Software Website: http://www.dedecms.com
# Security Risk: High
# Platform: Php

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[$] Dorks:  inurl:"id" "DedeCMS Error Warning!"

[#] Vulnerable Files : 

/list.php?id=[sql]
/members.php?id=[sql]
/book.php?id=[sql]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
</ No Priv8 , Everything is Public >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#Cyberwh.org