CnnCMS 1.x SQL Injection Vulnerability

2012-03-04 / 2012-03-05
Credit: X-Cisadane
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

=========================================================================
CnnCMS 1.x SQL Injection Vulnerability
=========================================================================

:-------------------------------------------------------------------------:
: # Exploit Title : CnnCMS 1.x SQL Injection Vulnerability
: # Date          : March 3rd 2012
: # Author        : X-Cisadane
: # Software Link : http://www.thinknolimits.com/
: # Version       : 1.x
: # Category      : Web Applications
: # Vulnerability : SQL Injection
: # Tested On     : Google Chrome 14.0.835 (Windows)
: # Dorks         : inurl:sub_menu.php?sid=
: # Greetz to     : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Winda Utari
:-------------------------------------------------------------------------:

SQL Injection Vulnerability :

- Open Victim Website : http://<site>/<CnnCMS Path>/sub_menu.php?sid=-[SQL]

Example :
http://garxxxxxxakfurniture.com/sub_menu.php?sid=-13
http://lunxxxxxxx.id/sub_menu.php?sid=-1
http://www.djxxxxxxxxxub_menu.php?sid=-1
http://www.gxxxxxxxm/sub_menu.php?sid=-1
http://www.haxxxxxxxxxcom/sub_menu.php?sid=-2
http://www.suwxxxxxxxxxxxtama.co.id/sub_menu.php?sid=-1

Admin Page (Default) : http://<site>/<CnnCMS Path>/admin/
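A detection sketch for the injection point described above, added here as an example and not part of the original advisory: it flags access-log requests to sub_menu.php whose sid value is not a plain non-negative integer. The combined log format, the rule that legitimate sid values are short integers, and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line in combined log format: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Injection point named in the advisory: sub_menu.php, parameter sid.
SCRIPT = "sub_menu.php"
PARAM = "sid"
# Assumption: legitimate sid values are short non-negative integers.
VALID_SID = re.compile(r"[0-9]{1,10}")


def suspicious_sid(log_line):
    """Return the decoded sid value if the request looks like a probe, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/" + SCRIPT):
        return None
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == PARAM and not VALID_SID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, sid_value) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_sid(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Mar/2012:10:00:01 +0700] "GET /sub_menu.php?sid=13 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Mar/2012:10:00:05 +0700] "GET /sub_menu.php?sid=-13 HTTP/1.1" 200 812',
    '203.0.113.9 - - [03/Mar/2012:10:00:09 +0700] "GET /cms/sub_menu.php?sid=-1%20union%20select%201,2 HTTP/1.1" 200 901',
    '198.51.100.7 - - [03/Mar/2012:10:00:12 +0700] "GET /index.php?sid=-1 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent {PARAM}={value!r} to {SCRIPT}")
```

The same integer-only rule can be enforced server-side before sid reaches any query, together with a parameterized statement.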

References:

http://www.thinknolimits.com/

