header-logo
Suggest Exploit
vendor:
SantriaCMS
by:
Troy
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SantriaCMS
Affected Version From: Null/1.0
Affected Version To: Null/1.0
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: LocalHost
2011

I Think, I can, But i’m just loser

SantriaCMS is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'idArtikel' parameter in the 'view.php' script. This can be exploited to bypass authentication, access, modify and delete data in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user-supplied input to prevent malicious SQL code from being passed to the back-end database.
Source

Exploit-DB raw data:

# I Think, I can, But i'm just loser

# Author : Troy
# Date : Thursday, Dec 08, 2011
# Location : /home/troy
#
# -------- CMS info -----------
# Vendor : http://www.jasawebsitemurah.info/cms/
# Exploit title : SantriaCMS SQL Injection Vulnerability
# Dork : "view.php?idArtikel="
# Version : Null/1.0 mybe :p
# Tested On : LocalHost
# -----------------------------
#
# Internet For Freedom

# Exploit
#
# http://localhost/cms/
#
# http://localhost/cms/view.php?idArtikel=[SQL]
#


# --------- Thank's -----------
#
# Virgi, Hakz, r13y5h4. 
# Xpanda, Cesc, Riv182.
# 
# Greetz "WHT"
#
# ---------- End --------------

Navigation

Suggest Exploit

Services By CQR