Esselbach Storyteller CMS System 1.8 – SQL Injection

• Exploit Database
• 45 阅读

• 作者： Shamus
  日期： 2011-03-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16948/

• # Exploit Title: Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability
  # Date: March, 9th 2011 [GMT +7]
  # Author: Shamus
  # Software Link: http://www.esselbach.com/
  # Version : Esselbach Storyteller CMS System Version 1.8
  # Tested on: windows
  # CVE : -
  
  -----------------------------------------------------------------------------------------
  Esselbach Storyteller CMS System Version 1.8 [page.php] Remote SQL Injection Vulnerability
  -----------------------------------------------------------------------------------------
  
  Author : Shamus
  Date : March, 9th 2011 [GMT +7]
  Location : Solo && Jogjakarta, Indonesia
  Web : http://antijasakom.net/forum
  Critical Lvl : Moderate
  Impact : Exposure of sensitive information
  Where : From Remote
  ---------------------------------------------------------------------------
  
  
  
  Affected software description:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~
  Application : Esselbach Storyteller CMS System
  Version : Esselbach Storyteller CMS System Version 1.8
  Vendor : esselbach
  Download : http://www.esselbach.com/page5.html
  Description :Storyteller CMS is a powerful Content Management System written in the PHP scripting language and designed for high traffic websites. 
  It supports up to 99 websites in the same database and is ready for the next MySQL generation with InnoDB tables.
  --------------------------------------------------------------------------
  
  
  
  Vulnerability:
  ~~~~~~~~~~~~
  A weakness has been discovered Esselbach Storyteller CMS System.
  Where an attacker may execute arbitrary SQL statements on the vulnerable system. 
  This may compromise the integrity of your database and/or expose sensitive information.
  This vulnerability identified in the path "page.php".
  
  
  PoC/Exploit:
  ~~~~~~~~~~
  SQL injection vulnerability affects:
  http://localhost.com/page.php?id=[Injection Query]
  
  Dork:
  ~~~~~
  Google : powered by Esselbach Storyteller CMS System Version 1.8
  
  Solution:
  ~~~~~
  - Your script should filter metacharacters from user input.
  - Edit the source code to ensure that input is properly verified.
  
  
  Timeline:
  ~~~~~~~
  - 01 - 03 - 2011 bug found
  - 02 - 03 - 2011 vendor contacted and response [asked about the detail attack]
  - 03 - 03 - 2011 still contacted vendors
  - 04 - 03 - 2011 vendors have released patches [http://www.contentteller.com/forums/threads/security-sql-injection-vulnerability-in-storyteller-cms.1148/]
  - 09 - 03 - 2011 Advisories release
  ---------------------------------------------------------------------------
  
  
  
  Shoutz:
  ~~~~~~~
  oO0::::: Greetz and Thanks: :::::0Oo.
  Tuhan YME
  My Parents
  SPYRO_KiD
  K-159
  lirva32
  newbie_campuz
  
  And Also My LuvLy wife :
  ..::.E.Z.R (The deepest Love I'v ever had..).::..
  
  in memorial :
  1. Monique
  2. Dewi S.
  3. W. Devi Amelia
  4. S. Anna
  
  oO0:::A hearthy handshake to: :::0Oo
  ~ Crack SKY Staff
  ~ Echo staff
  ~ antijasakom staff
  ~ jatimcrew staff
  ~ whitecyber staff
  ~ lumajangcrew staff
  ~ devilzc0de staff
  ~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode
  ~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin
  ~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa
  ~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom
  ~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de
  ~ All people in SMAN 3
  ~ All members of spyrozone
  ~ All members of echo
  ~ All members of newhack
  ~ All members of jatimcrew
  ~ All members of Anti-Jasakom
  ~ All members of whitecyber
  ~ All members of Devilzc0de
  ~ All members of Kaskus - "Especially Regional Solo Kaskus"
  #e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de
  ---------------------------------------------------------------------------
  
  
  
  Contact:
  ~~~~~~~~~
  Shamus : Shamus@antijasakom.net
  Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=713
  -------------------------------- [ EOF ] ----------------------------------