lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <07655F70-6BBC-4BE8-B26A-68A2CCC27E16@ariko-security.com>
Date: Thu, 11 Feb 2010 22:49:06 +0100
From: Maciej Gojny <vuln@...ko-security.com>
To: full-disclosure@...ts.grok.org.uk
Subject: SQL injection vulnerability in apemCMS

============ { Ariko-Security - Advisory #1/2/2010 } =============

       SQL injection vulnerability in apemCMS 

Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta

Dork:
#Powered by apemCMS

Application Info:
# Name: apemCMS
# Versions: ALL

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High

Fix: 
# 11.FEB Fixed

It was found that apemCMS does not validate properly the "id" parameter
 value.

Solution:
# Input validation of "id" parameter should be corrected.


Vulnerability:
# http://[HOST]/?mod=view_default&id=68[SQLi]

Credit:
# Discoverd By: MG
# Website: http://Ariko-security.com
# Contacts: support[-at-]ariko-security.com

Ariko-Security
vuln@...ko-security.com
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ