toronja cms SQL Injection Vulnerability

vendor:

toronja cms

by:

cyberlog

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: toronja cms

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

toronja cms SQL Injection Vulnerability

An attacker can exploit this vulnerability by injecting malicious SQL queries into the vulnerable parameters of the application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to modify or delete data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

===============================================
toronja cms SQL Injection Vulnerability
===============================================


               __                  __               
 .----..--.--.|  |--..-----..----.|  |.-----..-----.
 |  __||  |  ||  _  ||  -__||   _||  ||  _  ||  _  |
 |____||___  ||_____||_____||__|  |__||_____||___  |
       |_____|                               |_____|

####################################################
# toronja cms SQL Injection Vulnerability
####################################################
# Vendor:http://www.toronja.com.pe/
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline [ Now Just My Bot ] :P

# Dork          : "sitio web diseñado por www.toronja.com.pe"
]

# Exploit       : [site]/index.php?plantilla=contenido_lista&ncategoria1=[SQL Injection]
                  [site]/interior.php?IDIOMA=SP&plantilla=contenido&ncategoria1=[SQL Injection]
                  
# Thanks        : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
                  jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,
                  SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews,aurel666,Inoef,dbanie,

# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :),
# Hiroyuki Doni thanks to create New design SO T-shirt :)P 
# Inj3ct0r Now Brothers with Sekuritionline
                
####################################################
# Demo: 
# http://localhost/index.php?plantilla=contenido_lista&ncategoria1=[SQL Injection]

####################################################

We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!

KacrUt I h@te U :P [ jika kau tidak mau aku katakan LOv3 ]
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity

 .-----..-----.|  |--..--.--..----.|__||  |_ |__|.-----..-----.|  ||__|.-----..-----.
 |__ --||  -__||    < |  |  ||   _||  ||   _||  ||  _  ||     ||  ||  ||     ||  -__|
 |_____||_____||__|__||_____||__|  |__||____||__||_____||__|__||__||__||__|__||_____|