Vendor: Flexphpdiren CMS
By: x0r
CVSS: 7.5 (HIGH)
SQL Injection and Shell Upload
CWE: 89
Product Name: Flexphpdiren CMS
Affected Version From: 0.0.1
Affected Version To: 0.0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2008

Flexphpdiren CMS SQL Injection and Shell Upload Vulnerability

Flexphpdiren CMS version 0.0.1 is vulnerable to SQL injection in the 'usercheck.php' and 'add.php' files. An attacker can exploit this vulnerability to bypass authentication and execute arbitrary SQL queries. Additionally, the 'add.php' file allows an attacker to upload malicious files and gain unauthorized access to the server.

Mitigation:

To mitigate this vulnerability, it is recommended to upgrade to a newer version of Flexphpdiren CMS that includes a patch for this issue. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks. Server configurations should also be hardened to prevent unauthorized file uploads.
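
The parameterized-query mitigation described above, as an added example (not code from Flexphpdiren or from the advisory author). The table and column names are taken from the query quoted in the advisory; the function name `check_admin`, the in-memory SQLite database, the sample row, and the use of `password_hash()` for stored passwords are assumptions made for the demonstration.

```php
<?php
// Added example: hardened form of the login lookup in admin/usercheck.php.
// Assumptions (not from the original code base): PDO is available, stored
// passwords are password_hash() hashes, and check_admin() is a hypothetical name.

function check_admin(PDO $db, string $checkuser, string $checkpass): ?int
{
    // The SQL text is fixed; the username travels as a bound parameter,
    // so quote characters in it can never change the query structure.
    $stmt = $db->prepare(
        'SELECT adminid, password FROM linkexadmin WHERE username = :u'
    );
    $stmt->execute([':u' => $checkuser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is never placed in SQL at all: it is compared against
    // the stored hash in PHP.
    if ($row === false || !password_verify($checkpass, $row['password'])) {
        return null; // unknown user or wrong password
    }
    return (int) $row['adminid'];
}

// Constructed test data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE linkexadmin (
        adminid  INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL
    )'
);
$ins = $db->prepare('INSERT INTO linkexadmin (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Valid credentials: the lookup finds the row and the hash matches.
var_dump(check_admin($db, 'admin', 'constructed-sample-password'));

// The input quoted in the advisory is bound as a literal username string,
// matches no row, and authentication fails.
var_dump(check_admin($db, "' or '1=1", "' or '1=1"));
```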
Source

Exploit-DB raw data:

#############################################
Author: x0r
Email: andry2000@hotmail.it
Site: http://w00tz0ne.altervista.org/index.php
Cms: Flexphpdiren
Version: 0.0.1
Download: http://www.china-on-site.com/flexphpdir/
##############################################

Bug In \admin\usercheck.php 'n' \add.php

$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";


Exploit:
 
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1

Shell Upload:

Exploit: \add.php upload your shell and after /photo/ to see your shell ^ ^

Greetz: I Miss You...

# milw0rm.com [2008-12-29]