#####################################################################################################################################___ ____ _______ _## / _ \ / _ \| | |__ \/ _| | | ##_ __| | | | | | | |_| || | ___| |_ __ ____ _____| | ## | '__| | | | | | | __| || |/ _ \_/ _` |/ __/ _ \/ _` | ## | || |_| | |_| | |_| |__| |__/ || (_| | (_|__/ (_| | ## |_| \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_| ###### +-+-+-+-+## |C|r|e|w|## +-+-+-+-+###################################################################################################################################### [#] Gekko CMS (SQL Injection) Vulnerability## [#] Discovered By []0iZy5## [#] http://r00tDefaced.com ## [#] Greetz: sHoKeD-bYte, Gn0515, Nex & r00tDefaced Members ##################################################################### [2]-SQL injection## Vulnerability Description:# SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.## Affected items:#http://127.0.0.1/path/search/?cvx=[SQL Injection] #http://127.0.0.1/path/search/?uid=[SQL Injection]#http://127.0.0.1/path/search/action/search/?cvx=[SQL Injection]#http://127.0.0.1/path/search/action/search/?uid=[SQL Injection]# # Example: -1+ORDER+BY+1-- [You can find the number of columns (Well just incrementing the number until we get an error.)]## The Risk:# By exploiting this vulnerability, an attacker can inject malicious code in the script and can have access to the database.## Fix the vulnerability:# To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parametrized statements must be used #(preferred), or user input must be carefully escaped or filtered.#################################################################################################################################### r00tDefaced.com [29/June/2010]
