Vendor: Content Management System (PHP+MySQL)
By: Gjoko 'LiquidWorm' Krstic
CVSS: 7,5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Content Management System (PHP+MySQL)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache 2.x (linux), PHP/5.2.11 and MySQL/4.1.22
2009

UK One Media CMS (id) Error Based SQL Injection Vulnerability

UK One Media CMS suffers from an SQL injection vulnerability when parsing the query from the id parameter, which results in compromise of the entire database structure and execution of system commands.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
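
One way to apply this to a page that looks up a record by an id parameter, as an added example (not UK One Media's code and not part of the advisory). The articles table, the function names and the SQLite in-memory database are assumptions chosen so the script runs offline; it also keeps database errors out of the response, since the advisory's test request surfaced a PHP warning with a file path.

```php
<?php
// Added example: hypothetical hardened lookup for an article page keyed by ?id=.
// Table and column names are constructed. SQLite in-memory is used so this runs
// offline; with a "mysql:" DSN, also set PDO::ATTR_EMULATE_PREPARES to false.

ini_set('display_errors', '0');   // do not echo warnings (paths, line numbers) to clients
ini_set('log_errors', '1');       // keep them in the server log instead

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $db->exec("INSERT INTO articles VALUES (1, 'Hello', 'First post')");
    return $db;
}

// Returns the article row, or null when the id is malformed or unknown.
function fetch_article(PDO $db, $rawId): ?array {
    // Validation: accept only a positive integer; anything else is rejected
    // before a query is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // Parameter binding: the value travels separately from the SQL text.
        $stmt = $db->prepare('SELECT id, title, body FROM articles WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        error_log('article lookup failed: ' . $e->getMessage()); // log, never display
        return null;
    }
}

$db = open_db();
// Constructed inputs: a valid id, an unknown id, and two malformed values.
foreach (['1', '999', "xx'", '1 and 1=0'] as $input) {
    $article = fetch_article($db, $input);
    echo str_pad(var_export($input, true), 14), ' => ',
         $article === null ? '404 Not Found' : $article['title'], PHP_EOL;
}
```

Malformed and unknown ids produce the same generic response, so the page gives no signal about whether a value reached the database.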

Exploit-DB raw data:

#################################################################################
|										|
|										| 
| UK One Media CMS (id) Error Based SQL Injection Vulnerability			|
|										|
|										|
|										|
| Summary: Content Management System (PHP+MySQL)				|
|										|
| Vendor: UK One Media - http://www.uk1media.com				|
|										|
| Desc: UK One Media CMS suffers from an sql injection vulnerability		|
| when parsing query from the id param which results in compromising		|
| the entire database structure and executing system commands.			|
|										|
| Tested on Apache 2.x (linux), PHP/5.2.11 and MySQL/4.1.22			|
|										|
|										|
---------------------------------------------------------------------------------
|										|
| GET .../viewArticle.php?id=xx%27						|
|										|
| Warning: mysql_fetch_array(): supplied argument is not a valid MySQL		|
| result resource in /home/lqwrm/public_html/xxx/include/DbConnector.php	|
| on line xx.									|
|										|
---------------------------------------------------------------------------------
|										|
|										|
|										|
| Vulnerability discovered by Gjoko 'LiquidWorm' Krstic				|
|										|
| liquidworm gmail com								|
|										|
| http://www.zeroscience.mk							|
|										|
|										|
|										|
| Advisory ID: ZSL-2010-4942							|
|										|
| Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4942.php	|
|										|
|										|
| 24.05.2010									|
|										|
|										|
#################################################################################
|										|
|										|
| Dorks:									|
|										|
|	"Web Design London by UK One Media - ecommerce - Web Hosting"		|
|	"Powered by Websoftrus CMS"						|
|										|
|										|
|										|
|										|
| Point:									|
|										|
|	http://www.example.com/viewArticle.php?id=[value]+and+1=0+[evil query]	|
|										|
|										|
|										|
|										|
#################################################################################