Speck CMS SQL Injection

Speck CMS SQL Injection: Posted May 3, 2013; Authored by Jason Whelan; Speck CMS suffers from multiple remote SQL injection vulnerabilities. The latest framework as of 05/02/2013 is affected.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | af0c4fd03471abd25cd0417d9aac71d0df6693743f31e36f97bba17515c094f7; Download | Favorite | View

Speck CMS SQL Injection

Author: Jason Whelan
PacketStorm: exploitdev
Email: exploitdevj@gmail.com

Target Software: Speck CMS Framework, Latest
Vendor URL: http://www.speckcms.org/

Multiple SQL Injection Vulnerabilities

Examples:

portal/user.cfm:
<cfquery name="qUser" datasource="#request.speck.codb#">
        SELECT * FROM spUsers WHERE username = '#url.username#'
</cfquery>

portal/group.cfm:
<cfquery name="qGroup" datasource="#request.speck.codb#">
        SELECT * FROM spGroups WHERE groupname = '#url.groupname#'
</cfquery>


Many more exist in this CMS framework. Exploitation will depend on the use
of these files within the user's CMS.

Top Authors In Last 30 Days

Red Hat 288 files
Ubuntu 99 files
Gentoo 29 files
indoushka 26 files
Debian 16 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
jheysel-r7 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Speck CMS SQL Injection

Speck CMS SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Speck CMS SQL Injection

Share This

Speck CMS SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems