[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
Exploit Title   : Seditio CMS SQL Injection Vulnerability
Exploit Author  : Ashiyane Digital Security Team
Vendor Homepage : www.seditiocms.com
Google Dork     : intext:Powered by Seditio CMS
Date            : 2015-05-13
Tested On       : linux Kali + Windows Se7en
Link Software   : http://www.seditiocms.com/datas/users/1/1-10d40e-sed-en.rar

[-][-][-][-][-][-][-][-][-][-] DESCRIPTION [-][-][-][-][-][-][-][-][-][-]

SQL injection vulnerabilities have been found and confirmed in Seditio CMS,
reachable as an anonymous user. The following URLs and parameters have been
confirmed to suffer from SQL injection. Since the link redirects, the
injection cannot be done manually, and all the data is converted to Base64.

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]

~ ~ ~> Location Online Site Dem0 <~ ~ ~

http://www.Target.com/page.php?id=[SQL]

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]

Vulnerability File : page.php

Vulnerability CODE :

$sql = sed_sql_query("UPDATE $db_pages SET page_count='".$pag['page_count']."' WHERE page_id='".$pag['page_id']."'");

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]

::: >> ASHIYANE THE FIRST SECURITY FORUM IN IRAN << :::

Discovered by : SeRaVo.BlackHat >> H.4.S.S.4.N <<

Special Tnx : H_SQLI.EMpiRe - Ac!D - Und3rgr0und - EviL ShaDoW

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]
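A hardened form of the page.php query quoted above, as an added example that is not part of the original advisory and not Seditio's own code. It assumes PDO in place of `sed_sql_query`; the helper names, the `sed_pages` table name and the in-memory SQLite demo data are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept the "id" request parameter only as a positive integer.
function page_id_from_request(array $query): ?int
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain decimal integer.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: same UPDATE as the vulnerable line, with both values bound.
function update_page_count(PDO $db, string $table, int $pageId, int $count): int
{
    // Identifiers cannot be bound as parameters, so the table name is allow-listed.
    if (!in_array($table, ['sed_pages'], true)) {   // assumed table name
        throw new InvalidArgumentException('unexpected table name');
    }
    $stmt = $db->prepare(
        "UPDATE $table SET page_count = :count WHERE page_id = :id"
    );
    $stmt->bindValue(':count', $count, PDO::PARAM_INT);
    $stmt->bindValue(':id', $pageId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows actually changed
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sed_pages (page_id INTEGER PRIMARY KEY, page_count INTEGER)');
$db->exec('INSERT INTO sed_pages VALUES (1, 10), (2, 20)');

// One well-formed id and one constructed non-numeric value.
foreach (['1', "1' OR '1'='1"] as $raw) {
    $id = page_id_from_request(['id' => $raw]);
    if ($id === null) {
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    echo 'rows updated: ' . update_page_count($db, 'sed_pages', $id, 11) . "\n";
}
```

Rejecting a non-integer `id` before any query runs and binding the values means request data never becomes part of the SQL text, which is the defect in the concatenated `UPDATE` above.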