header-logo
Suggest Exploit
vendor:
SantriaCMS
by:
Troy
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SantriaCMS
Affected Version From: Null/1.0
Affected Version To: Null/1.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:jasawebsitemurah.info:santriacms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: LocalHost
2011

SantriaCMS SQL Injection Vulnerability

SantriaCMS is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending malicious input to the 'idArtikel' parameter of the 'view.php' page. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# I Think, I can, But i'm just loser

# Author : Troy
# Date : Thursday, Dec 08, 2011
# Location : /home/troy
#
# -------- CMS info -----------
# Vendor : http://www.jasawebsitemurah.info/cms/
# Exploit title : SantriaCMS SQL Injection Vulnerability
# Dork : "view.php?idArtikel="
# Version : Null/1.0 mybe :p
# Tested On : LocalHost
# -----------------------------
#
# Internet For Freedom

# Exploit
#
# http://localhost/cms/
#
# http://localhost/cms/view.php?idArtikel=[SQL]
#


# --------- Thank's -----------
#
# Virgi, Hakz, r13y5h4. 
# Xpanda, Cesc, Riv182.
# 
# Greetz "WHT"
#
# ---------- End --------------

Navigation

Suggest Exploit

Services By CQR