Wild CMS – SQL Injection

• Exploit Database
• 13 阅读

• 作者： Ariko-Security
  日期： 2010-03-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11672/

• # Title: [SQL injection vulnerability in Wild CMS]
  # Date: [09.03.2010]
  # Author: [Ariko-Security]
  # Software Link: [http://www.wildcms.com/]
  # Version: [ALL]
  
  
  ============ { Ariko-Security - Advisory #4/3/2010 } =============
  
  SQL injection vulnerability in wILD CMS 
  
  
  Vendor's Description of Software:
  # http://www.wildcms.com/ 
  Vulnerable DEMO
  # http://www.wildcms.com/page.php?page_id=139
  
  Dork:
  # N/A
  
  Application Info:
  # Name: wILD CMS
  Vulnerability Info:
  # Type: SQL injection Vulnerability
  # Risk: medium
  
  Fix: 
  # N/A
  
  Time Table:
  # 01/03/2010 - Vendor notified.
  
  Input passed via the "page_id" parameter to page.php is not properly sanitised before being used in a SQL query.
  
  Solution:
  # Input validation of "page_id" parameter should be corrected.
  
  Vulnerabilities:
  # http://[site]/page.php?page_id=139[SQLi]
  
  
  
  Credit:
  # Discoverd By: MG
  # Advisory: http://www.ariko-security.com/mar2010/ad526.html
  # Contacts: support[-at-]ariko-security.com