Dir2web3 3.0 SQL Injection and Information Disclosure

2012.08.07
Credit: Daniel Correa
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

Title:
======
Dir2web3 Multiple Vulnerabilities

Date:
=====
05/08/2012

Author:
=======
Daniel Correa (http://www.sinfocol.org/)

Vulnerable software:
====================
Dir2web v3.0 (http://www.dir2web.it/)

CVE:
====
CVE-2012-4069
CVE-2012-4070

Details:
========
Two vulnerabilities were identified in Dir2web v3.0:

Information disclosure (CVE-2012-4069):
The database folder is publicly accessible and is not protected via .htaccess.
An attacker can download the entire database and look for hidden pages on the website.

SQL Injection (CVE-2012-4070):
The preg_match check is not enough to protect GET/POST parameters. The regular expression is not anchored, so a value passes as long as it contains ten consecutive alphanumeric characters anywhere in the string.
An attacker can easily perform SQL injection against the application.

Exploit:
========
Information disclosure:
http://site/_dir2web/system/db/website.db

SQL Injection:
http://site/index.php?wpid=homepage&oid=6a303a0aaa' OR id > 0-- -

Patch:
======
Information disclosure:
Create a .htaccess file in the _dir2web folder with the following content:
order deny,allow
deny from all

SQL Injection:
Fix the regular expression in the dispatcher.php file located in the _dir2web/system/src folder.
Replace:
'/[a-zA-Z0-9]{10}/'
With:
'/^[a-zA-Z0-9]{10}$/'

Timeline:
=========
13/07/2012: Vendor contacted
25/07/2012: CERT contacted
27/07/2012: CVE assigned
05/08/2012: Vulnerability published on Bugtraq

--
Regards,
Daniel Correa
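The following is an added example, not code from Dir2web or from the advisory: it runs the original and patched patterns against the advisory's sample `oid` value and shows that `$` in PCRE still accepts a trailing newline, which `\A...\z` rejects. The `objects` table, the `lookup()` and `passes()` helpers and the in-memory SQLite database (requires the `pdo_sqlite` extension) are assumptions made for illustration, with a parameterized query shown as defense in depth behind the validation.

```php
<?php
// Added example: schema and helper names are constructed, not Dir2web's own.

const UNANCHORED = '/[a-zA-Z0-9]{10}/';      // original check in dispatcher.php
const ANCHORED   = '/^[a-zA-Z0-9]{10}$/';    // pattern from the advisory's patch
const STRICT     = '/\A[a-zA-Z0-9]{10}\z/';  // also rejects a trailing newline

function passes(string $pattern, string $value): bool
{
    return preg_match($pattern, $value) === 1;
}

// Constructed sample inputs; the second is the value shown in the advisory.
$samples = [
    'valid id'         => '6a303a0aaa',
    'advisory payload' => "6a303a0aaa' OR id > 0-- -",
    'trailing newline' => "6a303a0aaa\n",
];

foreach ($samples as $label => $value) {
    printf("%-17s unanchored=%d anchored=%d strict=%d\n", $label,
        passes(UNANCHORED, $value), passes(ANCHORED, $value), passes(STRICT, $value));
}

// Constructed in-memory table standing in for the application's data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE objects (id INTEGER PRIMARY KEY, oid TEXT, title TEXT)");
$db->exec("INSERT INTO objects (oid, title) VALUES
           ('6a303a0aaa', 'public page'), ('zzzzzzzzzz', 'hidden page')");

// Validate strictly, then bind the value instead of concatenating it into SQL.
function lookup(PDO $db, string $oid): array
{
    if (!passes(STRICT, $oid)) {
        return [];
    }
    $stmt = $db->prepare('SELECT title FROM objects WHERE oid = ?');
    $stmt->execute([$oid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($samples as $label => $value) {
    printf("%-17s rows=%d\n", $label, count(lookup($db, $value)));
}
```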

References:

http://www.sinfocol.org/

