full-disclosure-uk July 2011 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] Hong Kong Firms Internet S

[Full-disclosure] Hong Kong Firms Internet Services CMS Sql Injection Vulnerability

From: cyber netron <cybernetron_at_nospam>
Date: Sun Jul 31 2011 - 05:48:09 GMT
To: root@exploit-id.com, submissions@packetstormsecurity.org, full-disclosure@lists.grok.org.uk, submit <submit@offsec.com>, vulns@secunia.com

.__.__ .__ __
|__| | _____ __ __| |__ _____ ____ | | __ ___________
| | | / \| | \ | \\__ \ _/ ___\| |/ // __ \_ __ \
| | |_| Y Y \ | / Y \/ __ \\ \___| <\ ___/| | \/
|__|____/__|_| /____/|___| (____ /\___ >__|_ \\___ >__|
              \/ \/ \/ \/ \/ \/
                                                    .org
################################ Archieve an Resource About Hacking #####
#################### ################################################
#
# Exploit Title: Hong Kong Firms Internet Services CMS Sql Injection
Vulnerability
# Author: Netrondoank Aka netron
# home Page: http://www.ilmuhacker.org
# Forum : http://www.indonesiansecurity.info
# Vendor or Software Link: http://www.h-k.com.hk
# Version: N/A
# Category:: webapps
# Google dork: "Powered by Hong Kong Firms Internet Services"
# Tested on: Linux Back Track 5

####################################################################
# Proof Of Concept [POC]

http://site/newsdetail.php?ID=[sqli]
http://site/bespoke/events2.php?ID=[sqli]
http://site/news-detail.php?ID=[sqli]
http://site/productdetail.php?ID=[sqli]
http://site/service.php?ID=[sqli]
http://site/detail.php?ID=[sqli]
http://site/e-detail.php?ID=[sqli]
http://site/product-detail.php?ID=[sqli]
http://site/productdetail.php?ID=[sqli]
http://site/newsletterdetail.php?ID=[sqli]
http://site/servicedetail.php?ID=[sqli]
http://site/shop-detail.php?ID=[sqli]

#########################################################################################
#Greetz To:
Allah swt .free dom For Palestine .Indonesiansecurity.info, 1337day.com
packetstormsecurity.org, Exploit-id.com ,securityreason.com ,
securityfocus.com
##########################################################################################
############################### Archieve an Resource About
Hacking--Ilmuhackerdotorg ###########

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

   © Copyright 2012 Guardian Digital, Inc. All Rights Reserved.