IVAO Software Development CMS SQL Injection Vulnerability

2012-08-29 14:05:37

+----------------------------------------------------------------------+
# Exploit Title: ivao cms Sql injection vulnerability
# Google Dork: inurl:events/index.php?page=details&id=
# Date: 28/08/2012
# Exploit Author: Tunisian spl01t3r
# Vendor Homepage: http://www.ivao.aero/
# Version: RC3
# FB profile: www.facebook.com/TN.spl0it3r
+----------------------------------------------------------------------+
____ (_) ____ ___
( _ \| |( _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_| |_|
_
(_) ____ ____ ____ _____
| | / __| / __| \__ \ / ` \
| | \___ \ \___ \ / _ \_ | Y Y \
|_| |____/ |____/ (_____/ |_|_|__/
+----------------------------------------------------------------------+

[+] Exploit :

www.site.com/[path]/events/index.php?page=details&id={SQL}

+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ; tn_scorpion ; anas laaribi ;
jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
daly azrail ; med.bradai<3 ; Firas Arfaoui ; mohamed bel ;
hassen ben mbarek ; prince bibou ; ghazy info ;
Safoine sassi ; DR.hsm ; 7rouz ; THE 077 ;
& all tn_spl01t3r's freinds
mAhna mAhna


+----------------------------------------------------------------------+

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.