LiSK CMS 4.4 – SQL Injection

  • Author: High-Tech Bridge SA
    Date: 2010-05-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12727/
  • Vulnerability ID: HTB22373
    
    Reference:
    http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms_1.html
    
    Product: LiSK CMS
    
    Vendor: Createch-group
    
    Vulnerable Version: 4.4
    
    Vendor Notification: 06 May 2010
    
    Vulnerability Type: SQL Injection
    
    Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
    
    Risk level: Medium
    
    Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
    
    
    Vulnerability Details:
    
    The vulnerability exists because the "/edit_email.php" script fails to
    properly sanitize user-supplied input in the "id" variable. An attacker can
    alter queries to the application SQL database, execute arbitrary queries to
    the database, compromise the application, access or modify sensitive data,
    or exploit various vulnerabilities in the underlying SQL database.
    
    
    An attacker can use a browser to exploit this vulnerability. The following
    PoC is available:
    
    http://host/path_to_cp/edit_email.php?&id=X%27+union+select+1,2,3,4,5,6+--+
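
The query pattern behind this finding next to a hardened form, as an added example that is not LiSK CMS code or part of the original advisory. Assumptions: the `emails` table, its six columns, both function names and the in-memory SQLite database (requires `pdo_sqlite`) are hypothetical stand-ins; that the original query quotes `id` and returns six columns is inferred from the PoC URL.

```php
<?php
// Added example: constructed schema and data, not the real LiSK CMS table or code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emails (id INTEGER PRIMARY KEY, name TEXT, subject TEXT,
                                body TEXT, sender TEXT, updated TEXT)');
$db->exec("INSERT INTO emails VALUES
           (7, 'welcome', 'Hello', 'Body text', 'noreply@example.test', '2010-05-01')");

// Pattern the advisory describes: the "id" request value is concatenated
// into the SQL text, so a quote in it ends the string literal early.
function load_email_unsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, name, subject, body, sender, updated
            FROM emails WHERE id = '$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: accept only a positive integer, then pass it as a bound
// parameter so the value is never parsed as SQL.
function load_email_safe(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];                       // reject anything that is not an integer id
    }
    $stmt = $db->prepare('SELECT id, name, subject, body, sender, updated
                          FROM emails WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// The "id" value from the PoC URL on this page, decoded as PHP decodes $_GET.
$poc = urldecode('X%27+union+select+1,2,3,4,5,6+--+');

foreach (['7' => 'legitimate id', $poc => 'PoC id'] as $id => $label) {
    $id = (string) $id;                  // numeric array keys come back as int
    printf("%-13s unsafe: %d row(s)  safe: %d row(s)\n", $label,
        count(load_email_unsafe($db, $id)), count(load_email_safe($db, $id)));
}

// Inspect what the concatenated query returned for the PoC value.
print_r(load_email_unsafe($db, $poc));
```

Any row the unsafe function returns for the PoC value comes from the appended UNION, not from the `emails` table; the hardened function rejects the same value before a query is built.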