###############################################################################
# Exploit Title: MindStorm CMS SQL Injection vulnerability
# Google Dork: inurl:index_base.php
# Date: 24/02/2013
# Exploit Author: Zyklon B - https://twitter.com/BZyklon#
# Vendor Homepage: http://www.mindstorm.pl/
# Software Link: http://www.mindstorm.pl/
# Version: Only one version of this CMS exists.
# Tested on: Firefox / Chrome
ADMIN ACCESS REQUIRED: NO
###############################################################################
Description: A simple MySQL>=5 injection integer based. This CMS is only found on polish websites.
Affected parameters: News_ID, page_ID, cat_ID, a_2501
************************************************
cat_ID URL example, where * is an integer:
http://target/index_base.php?cat_owner_ID=*&sub_cat_ID=*&option=product_list&cat_ID=(inject here)
------------------------------
News_ID URL example, where * is an integer:
http://target/index_base.php?Screen_Option=*&Page_ID=*&News_ID=(inject here)
---------------------------------
Page_ID URL example, where * is an integer:
http://target/index_base.php?Screen_Option=*&Page_ID=(inject here)
---------------------------------
a_2501 URL example, where * is an integer:
http://target/index_2501.php?b_2501=*&a_2501=(inject here)
************************************************
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information