WFY CMS SQL Injection

2012.03.12

Credit: the_cyber_nuxbie

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:\"/main1.php?id_webcontent=\" intext:\"Powered by WFY\"

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Official Website: http://www.1337day.com                        0
1  [+] Support E-mail  : mr.inj3ct0r[at]gmail.com                      1
0                                                                      0
1                ##########################################            1
0                I'm NuxbieCyber Member From Inj3ct0r Team             1
1                ##########################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[ WFYCMS - SQL Injection Vulnerability ]

[x] Author : the_cyber_nuxbie
[x] Home   : www.thecybernuxbie.com
[x] E-mail : staff@thecybernuxbie.com
[x] Found  : 11 March 2012 @ 12:39 PM.
[x] Tested : Back|Track 5.
[x] Dork   : inurl:"/main1.php?id_webcontent=" intext:"Powered by WFY"
________________________________________________________________________
************************************************************************

- Exploit Report:
http://localhost/WebApps/main1.php?id_webcontent=[SQL Injection]

- Private Area:
http://localhost/WebApps/admin/ <--- LogIn Area...!!!

- Sample WebApps Vuln SQLi:
http://autoaccent.nl/main1.php?id_webcontent=1' + [SQL Injection]
http://bodyboomers.nl/main1.php?id_webcontent=25' + [SQL Injection]
http://cafedekrim.nl/main1.php?id_webcontent=22' + [SQL Injection]
http://codyparts.nl/main1.php?id_webcontent=42' + [SQL Injection]
http://do-in.nl/main1.php?id_webcontent=22' + [SQL Injection]
http://geodrilling.nl/main1.php?id_webcontent=21' + [SQL Injection]
http://klokdriebergen.nl/main1.php?id_webcontent=1' + [SQL Injection]
http://lichtreclamezuilen.nl/main1.php?id_webcontent=21' + [SQL Injection]
http://maesbouviers.be/main1.php?id_webcontent=24' + [SQL Injection]
http://mdinternetservice.nl/main1.php?id_webcontent=4' + [SQL Injection]
http://minderwegenin2009.nl/main1.php?id_webcontent=24' + [SQL Injection]
http://parketgallery.nl/main1.php?id_webcontent=23' + [SQL Injection]
http://savelkoulsspeeltoestellen.nl/main1.php?id_webcontent=21' + [SQL Injection]
http://schaajcomputers.nl/main1.php?id_webcontent=37' + [SQL Injection]
http://succesvolwerken.nl/main1.php?id_webcontent=21' + [SQL Injection]
http://tulnerstukadoors.nl/main1.php?id_webcontent=21' + [SQL Injection]
http://wimboelenstuinaanleg.nl/main1.php?id_webcontent=21' + [SQL Injection]
, And Many More @ Google...!!!

- Greetz:
*** 1337day Inject0r TEAM ***
...:::' All Member & Staff Inject0r TEAM ':::...

References:

http://www.thecybernuxbie.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WFY CMS SQL Injection

Dork: inurl:\"/main1.php?id_webcontent=\" intext:\"Powered by WFY\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.