SmartCMS 2 – SQL Injection

• Exploit Database
• 16 阅读

• 作者： Ariko-Security
  日期： 2010-05-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12507/

• ============ { Ariko-Security - Advisory #1/5/2010 } =============
  
   SQL injection vulnerability in SmartCMS v.2
  
  
  
  Vendor's Description of Software:
  # http://www.smartwebsites.com.cy/index.php?pageid=13〈=en
  
  Dork:
  # n/a
  
  Application Info:
  # Name: SmartCMS
  # Versions: V.2
  
  Vulnerability Info:
  # Type: SQL injection Vulnerability
  # Risk: medium
  
  Fix: 
  # N/A
  
  Time Table:
  # 22/04/2010 - Vendor notified.
  
  
  Input passed via the "pageid" ,"lang" parameters to index.php is not 
  
  properly sanitised before being used in a SQL query.
  
  Solution:
  # Input validation of "pageid","lang" parameters should be corrected.
  
  
  Vulnerability:
  # http://[site]/index.php?pageid=[SQLi]〈=[SQLi]
  
  Credit:
  # Discoverd By: MG
  #Advisory:
  http://www.ariko-security.com/apr2010/audyt_bezpieczenstwa_652.html
  # Website: http://Ariko-security.com
  # Contacts: support[-at-]ariko-security.com
  
  Ariko-Security
  vuln@ariko-security.com
  tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)