Vendor: cms
By: gendenk
CVSS: 8,8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: cms
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Cosmos Solutions cms SQL Injection Vulnerability

The vulnerability exists in the Cosmos Solutions cms, which allows an attacker to inject malicious SQL queries via the 'page' and 'id' parameters in the 'p_inf.php' and 'index.php' scripts respectively.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
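
An added example of the mitigation above (not code from the advisory or from the CMS itself), for PHP 8 with PDO: it assumes 'id', and likewise 'page', carries a numeric record identifier, and uses a hypothetical `pages` table in an in-memory SQLite database. It puts a concatenated query beside strict validation followed by a bound parameter.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the CMS content store (hypothetical schema).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
    $pdo->exec("INSERT INTO pages VALUES (1, 'Home', 1), (2, 'Unpublished draft', 0)");
    return $pdo;
}

// Validation: accept only a short, plain decimal integer; arrays (?id[]=x) and
// anything containing other characters are rejected rather than "cleaned".
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Weak form (assumed pattern): the request value becomes part of the SQL text.
function fetch_weak(PDO $pdo, string $raw): array
{
    $sql = "SELECT title FROM pages WHERE published = 1 AND id = $raw";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: validate first, then bind the value so it is only ever data.
function fetch_safe(PDO $pdo, mixed $raw): array
{
    $id = parse_id($raw);
    if ($id === null) {
        return [];  // the caller should answer with 400 or 404
    }
    $stmt = $pdo->prepare('SELECT title FROM pages WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, a non-numeric value, and an array value.
$pdo = demo_db();
foreach (['1', '2 OR 1=1', ['x']] as $raw) {
    $weak = is_string($raw) ? fetch_weak($pdo, $raw) : 'n/a';
    echo json_encode(['input' => $raw, 'weak' => $weak, 'safe' => fetch_safe($pdo, $raw)]), "\n";
}
```

The bound parameter is what keeps the request value out of the SQL grammar; the validation step rejects malformed requests early and gives a clean signal to log.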

Exploit-DB raw data:

####################################################
# Cosmos Solutions cms SQL Injection Vulnerability
####################################################
# Vendor:http://www.cosmossolutions.net/
# Discovered by : gendenk
# Site : http://jatimcrew.org
# Dork : "Webdesign Cosmos Solutions"

# Exploit : [site]/p_inf.php?page=[SQL Injection]
# Exploit : [site]/index.php?id=[SQL Injection]

####################################################
# Demo:
# http://localhost/p_inf.php?page=[SQL Injection]


# Demo:
# http://localhost/index.php?id=[SQL Injection]

####################################################
Life is challenging, the fear of challenges, causing you for backwardness..Facing for the bright future..

#Thanks to : ALLAH SWT and the Prophet Muhammad SAW

Cyberlog, Cr4wl3r, Byz9991, Darkavanger, Newbie_Campuz,Unixcode,Bom2stalker, Phoenixhaxor, Xcyberx and MAMA Sri Rahayu [ cyberlog's wife ] Get well soon..

For Yayank Ucrit, I Love U Full :P


All Member Jatimcrew, Sekuritionline..