BRIM < 2.0.0 SQL InjectionExploit information
- Exploit Title: BRIM < 2.0.0 SQL Injection
- Google Dork: "Brim project" intitle:"Brim - login"
- Date: 2012-02-20
- Author: ifnull
- Tested on: Apache/2.2.3, PHP/5.1.6, MySQL 5.0.45 � although it should
work on any environment. Example uses MySQL 5 query escape but can easily
be ported to prior versions of MySQL.
- Description: Unlike CVE-2008-4082, this will work with or without
magic_quotes_gpc enabled. Like the last exploit however, you must first
create an account and enable "tasks". By default anyone can create an
account and the accounts are automatically approved.
- Version: < 2.0.0
- Link: http://sourceforge.net/projects/brim/
- Description: BRIM is a MVC framework, written in PHP and based on
items with a hierarchical relationship. The list of plugins make BRIM a
Information Manager with plugins like bookmarks, a calendar, contacts
tasks, notes, RSS etc. The application is multilingual.
Proof of ConceptPOST