Security

  Text :  

####################
| |
| |
| UK One Media CMS (id) Error Based SQL Injection Vulnerability |
| |
| |
| |
| Summary: Content Management System (PHP+MySQL) |
| |
| Vendor: UK One Media - http://www.uk1media.com |
| |
| Desc: UK One Media CMS suffers from an sql injection vulnerability |
| when parsing query from the id param which results in compromising |
| the entire database structure and executing system commands. |
| |
| Tested on Apache 2.x (linux), PHP/5.2.11 and MySQL/4.1.22 |
| |
| |
---------------------------------------------------------------------------
------
| |
| GET .../viewArticle.php?id=xx%27 |
| |
| Warning: mysql_fetch_array(): supplied argument is not a valid MySQL |
| result resource in /home/lqwrm/public_html/xxx/include/DbConnector.php |
| on line xx. |
| |
---------------------------------------------------------------------------
------
| |
| |
| |
| Vulnerability discovered by Gjoko 'LiquidWorm' Krstic |
| |
| liquidworm gmail com |
| |
| http://www.zeroscience.mk |
| |
| |
| |
| Advisory ID: ZSL-2010-4942 |
| |
| Advisory:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4942.php |
| |
| |
| 24.05.2010 |
| |
| |
####################
| |
| |
| Dorks: |
| |
| "Web Design London by UK One Media - ecommerce - Web
Hosting" |
| "Powered by Websoftrus CMS" |
| |
| |
| |
| |
| Point: |
| |
| http://www.example.com/viewArticle.php?id=[value]+and+1=0+[evil query] |
| |
| |
| |
| |
####################