Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability

2007.12.21

Credit: Jaakko "Chrysalid" Hartikainen

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-6491

CWE: CWE-89

CVSS Base Score: 10/10

Impact Subscore: 10/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

Found by: Jaakko "Chrysalid" Hartikainen

1. Info

Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy (http://www.kvaliitti.fi). It is driven by MS SQL Server and ASP.

2. Abstract

WebDoc 3.0 suffers from a flaw in input validation, which allows attackers to insert malicious SQL queries into an existing one, possibly gaining complete control over an affected system.

3. Vulnerable files & PoC:

categories.asp, subcategory.asp, document_id, cat_id

This proof of concept example exposes the internal server variable called "@@version":

http://www.vulnerable.tld/categories.asp?document_id=37&cat_id=convert(i
nt,(select+@@version));--

4. Misc

Vendor notified: yes

--

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.