Title:
=======
CMS Vinsystech.com - SQL Injection Vulnerability
Introduction:
==============
A content management system (CMS) is a computer application that supports the creation and modification of digital content.
It is often used to support multiple users working in a collaborative environment.
CMS features vary widely. Most CMSs include Web-based publishing, format management, history editing and version control, indexing, search, and retrieval.
By their nature, content management systems support the separation of content and presentation.
Vulnerability Disclosure:
==========================
2018-02-28: Public Disclosure
Affected Product(s):
=====================
CMS Vinsystech.com
Exploitation Technique:
========================
Remote
Severity Level:
================
High
Technical Details & Description:
=================================
A remote SQL injection web vulnerability has been discovered in the "CMS Vinsystech.com" web application.
The vulnerability allows remote attackers to execute their own SQL commands and compromise the web server or the DBMS.
The vulnerability is located in the `catid` parameter of the `cw_categories.php` file, supplied in a GET request.
Request Method(s):
[+] GET
Vulnerable Function(s):
[+] cw_categories.php
Vulnerable Parameter(s):
[+] catid
Proof of Concept (PoC):
========================
The remote SQL injection vulnerability can be exploited by remote attackers with a privileged web-application user account and without user interaction.
The security demonstration reproduces the exploitation of the web vulnerability using a UNION query.
[+] http://www.clerkenwellscrews.com/html/cw_categories.php?catid=101 and 1=0 union select database()
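For defenders, the request shape described above (a `catid` value on `cw_categories.php` that is not a plain integer) is easy to triage from web-server access logs. The following is an added example written for this advisory, not code from the vendor or the researcher; the log lines are constructed in Apache combined format and the IP addresses, timestamps and response sizes are invented.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format). Not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Feb/2018:10:00:01 +0000] "GET /html/cw_categories.php?catid=101 HTTP/1.1" 200 5120
203.0.113.5 - - [28/Feb/2018:10:00:07 +0000] "GET /html/cw_categories.php?catid=101%20and%201=0%20union%20select%20database() HTTP/1.1" 200 611
198.51.100.9 - - [28/Feb/2018:10:00:09 +0000] "GET /html/index.php HTTP/1.1" 200 2048
203.0.113.5 - - [28/Feb/2018:10:00:12 +0000] "GET /html/cw_categories.php?catid=102' HTTP/1.1" 500 0
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A legitimate category id is a short run of ASCII digits and nothing else.
CATID_OK = re.compile(r"[0-9]{1,10}")


def find_suspicious_catid(log_text):
    """Return one finding per request to cw_categories.php whose catid is not a plain integer.

    parse_qs() percent-decodes the value, so encoded spaces, quotes and
    keywords are inspected in their decoded form.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/cw_categories.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("catid", []):
            if CATID_OK.fullmatch(value) is None:
                findings.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "catid": value,
                    "status": int(m.group("status")),
                })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_catid(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} catid={f['catid']!r}")
```

The status code is kept in each finding because a 500 on a malformed `catid` is a strong hint that the value reached the database unparsed, while a 200 on the same kind of value deserves a closer look at what the page returned.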
Solution
=========
In order to avoid SQL injection it is important to validate all non-SQL text entries, not allowing special characters and SQL keywords such as INSERT, DELETE, UPDATE, HAVING, JOIN, etc. to be written.
It is also advisable to set a maximum length for user names and passwords.
Handle errors appropriately, so that error messages do not expose information about the data structure to attackers.
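The three points above (strict input validation, a length limit, and error messages that reveal nothing about the schema) can be combined with the stronger fix of never splicing the value into SQL text at all. The following is an added example, not the CMS's own code: it models a `catid` lookup in Python with an in-memory SQLite table (table name, column names and row contents are constructed), shows the concatenation pattern the advisory describes next to a parameterized version, and returns a generic error to the client when the database fails.

```python
import re
import sqlite3

# Constructed sample schema and rows; the real CMS schema is not known.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (catid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO categories VALUES (?, ?)",
                     [(101, "Wood screws"), (102, "Machine screws")])
    return conn


def vulnerable_query(catid_raw):
    """The pattern the advisory describes: the raw GET value becomes part of the SQL text.
    Shown for contrast only; nothing in this example executes it."""
    return "SELECT catid, name FROM categories WHERE catid = " + catid_raw


# Whitelist validation: a category id is 1 to 10 ASCII digits and nothing else.
# This rejects quotes, spaces and keywords outright instead of trying to blacklist them.
CATID_RE = re.compile(r"[0-9]{1,10}")


def parse_catid(catid_raw):
    if catid_raw is None or CATID_RE.fullmatch(catid_raw) is None:
        raise ValueError("catid must be a positive integer of at most 10 digits")
    return int(catid_raw)


def lookup_category(conn, catid):
    # Parameterized query: the driver sends catid as a bound value, never as SQL text.
    row = conn.execute(
        "SELECT catid, name FROM categories WHERE catid = ?", (catid,)
    ).fetchone()
    return None if row is None else {"catid": row[0], "name": row[1]}


def handle_request(conn, params, log=None):
    """Return (http_status, body). Client-facing errors carry no database detail;
    the real exception text goes to the server-side log callback instead."""
    log = log or (lambda msg: None)
    try:
        catid = parse_catid(params.get("catid"))
    except ValueError as exc:
        return 400, {"error": str(exc)}
    try:
        row = lookup_category(conn, catid)
    except sqlite3.Error as exc:
        log(f"database error for catid={catid}: {exc!r}")  # detail stays server-side
        return 500, {"error": "internal server error"}
    if row is None:
        return 404, {"error": "category not found"}
    return 200, row


if __name__ == "__main__":
    db = build_db()
    for raw in ("101", "999", "101 and 1=0 union select database()", "1" * 11):
        print(repr(raw), "->", handle_request(db, {"catid": raw}))
```

The whitelist check is what makes the length limit and the keyword rule from the Solution fall out naturally: a value that is only digits cannot contain a keyword, a quote or a comment marker, and the bound parameter means the database never sees it as SQL even if the validation were loosened later.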
Credits
========
Felipe "Renzi" Gabriel
Contact
========
renzi@linuxmail.org
References
==========
https://www.owasp.org/index.php/Top_10_2013-A1-Injection
https://en.wikipedia.org/wiki/Content_management_system