Honey Soft CMS SQL Injection Vulnerability

2014.01.03

Credit: Ashiyane Digital Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:\"detail.php?prod_detail=\"

######################
# Exploit Title : Honey Soft CMS SQL Injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.honeysoft.net/
# Google Dork : inurl:"detail.php?prod_detail="
# Date: 2013/12/19
# Tested On : Win7
# Software Link : http://www.honeysoft.net/
# Version : N/A
######################
#
# Exploit : http://www.site.com/detail.php?prod_detail=[SQLi]
#
# ============================================================
#
http://www.bXike-stars.com/detail.php?prod_detail=823
#
http://victorXbudo.com/detail.php?prod_detail=464
#
http://www.chughXtaisports.com/detail.php?prod_detail=605
#
www.dranbsimpeXx.com/detail.php?prod_detail=3735
#
http://sultaninstrXments.com/detail.php?prod_detail=3424
#
http://paliconsurXical.com/detail.php?prod_detail=2155
#
http://www.psurXical.com/detail.php?prod_detail=3426
#
http://surgicalstXock.com/detail.php?prod_detail=702
#
http://www.aaXir-sports.com/detail.php?prod_detail=197
#
######################
# discovered by : Spoof
######################**

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Honey Soft CMS SQL Injection Vulnerability

Dork: inurl:\"detail.php?prod_detail=\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.