21 lines
No EOL
962 B
Text
21 lines
No EOL
962 B
Text
Vulnerability ID: HTB22390
|
|
Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_ecomat_cms.html
|
|
Product: Ecomat CMS
|
|
Vendor: Codefabrik GmbH
|
|
Vulnerable Version: 5.0 and Probably Prior Versions
|
|
Vendor Notification: 18 May 2010
|
|
Vulnerability Type: SQL Injection
|
|
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
|
|
Risk level: High
|
|
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)
|
|
|
|
Vulnerability Details:
|
|
The vulnerability exists due to failure in the "index.php" script to properly sanitize user-supplied input in "show"
|
|
variable. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database,
|
|
compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL
|
|
database.
|
|
|
|
Attacker can use browser to exploit this vulnerability. The following PoC is available:
|
|
|
|
|
|
http://host/index.php?type=web〈=de&show=-1+union+select+user%28%29+--+&mhs=0 |