Minerva Infotech CMS 1.0 Blind SQL Injection

2012.04.12

Credit: Andrea Bocchetti

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Exploit Title: Minerva infotech CMS Blind SQL injection Vulnerability
Date: 07/04/2012
Author: Andrea Bocchetti
Url : http://www.minervait.com/cms-demo/
CMS : Minerva infotech CMS
VERSION : 1.0
Category: webapps
Info : Minerva infotech CMS 1.0 is used to create, edit, manage, and
publish content in a consistently organized fashion. CMS are used for
storing, controlling, versioning and publishing industry-specific
documentation such as news, articles, operators' manuals, technical
manuals, sales guides and marketing brochures. The content management
may include computer files, image media, audio files, video files,
electronic documents and web content. Minerva Infotech CMS 1.0 is very
user friendly and easy to use CMS.
Minerva Infotech CMS 1.0 is the easiest way to control the content of
the website and the website owner can easily change their contents.
General user with basic knowledge can control their website easily.
CMS 1.0 user guide will help user to understand each and every aspect
of the CMS panel.
Exploit : http://www.host.com/path/content.php?ID=X ' <- BLIND SQL INJECTION

References:

http://www.minervait.com/cms-demo/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Minerva Infotech CMS 1.0 Blind SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.