Changomedia SQL Injection

Posted on 12 June 2012

==> ABOUT ME:
--- TAURUS OMAR
--- INDEPENDENT SECURITY RESEARCHER
--- ACCESOILEGAL.BLOGSPOT.COM
--- @omartaurus
--- omar-taurus[at]dragonsecurity[dot]org
--- omar-taurus[at]live[dot]com

===> INFO:
Author : TAURUS OMAR
Category : Webapps / 0day
Title Exploit : Changomedia - SQL Injection Vulnerability
Vendor : Changomedia
URL Vendor : http://changomedia.com.ar/
Google Dork : intext:"Pwrd:Changomedia" Or intext: Changomedia diseÃ±o & hosting

==> SAMPLE'S SQLi:
http://www.quadcrossx.com/paginas.php?ID=148 [SQL Injection]
http://ynfinity.com.ar/paginas.php?ID=25 [SQL Injection]
http://www.hoteldelaciudad.com/paginas.php?ID=6 [SQL Injection]
http://www.juruju-jaja.com.ar/paginas.php?ID=7 [SQL Injection]
http://www.envasadoraservpack.com.ar/paginas.php?ID=24 [SQL Injection]

MORE IN GOOGLE..

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Nethserver 7 / 8 Cross Site Scripting
Joomla 4.2.8 Information Disclosure
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
Rocket LMS 1.9 Cross Site Scripting
PopojiCMS 2.0.1 Remote Command Execution

Last 20