CMS Vinsystech.com - SQL Injection Vulnerability
A content management system (CMS) is a computer application that supports the creation and modification of digital content.
It is often used to support multiple users working in a collaborative environment.
CMS features vary widely. Most CMSs include Web-based publishing, format management, history editing and version control, indexing, search, and retrieval.
By their nature, content management systems support the separation of content and presentation.
2018-02-28: Public Disclosure
Technical Details & Description:
A remote SQL Injection web vulnerability has been discovered in the "CMS Vinsystech.com" web-application.
The vulnerability allows remote attackers to execute their own SQL commands to compromise the web-server or DBMS.
The vulnerability is located in the `catid` parameter of the GET method request to the `cw_categories.php` file.
Proof of Concept (PoC):
The remote SQL injection vulnerability can be exploited by remote attackers with a privileged web-application user account and without user interaction.
The security demonstration reproduces the exploitation of the web vulnerability using a "UNION" query.
[+] http://www.clerkenwellscrews.com/html/cw_categories.php?catid=101 and 1=0 union select database()
To avoid SQL injection, it is important to validate all text input, rejecting special characters and SQL keywords such as INSERT, DELETE, UPDATE, HAVING, JOIN, etc.
It is also advisable to set a maximum length for user names and passwords.
Handle errors appropriately, so that error messages do not expose information about the data structure to attackers.
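One way to apply the validation and error-handling advice above to an integer parameter such as `catid`, as an added example that is not the vendor's code or part of the original advisory. The `categories` table, its columns, the sample rows and the function name `lookupCategory` are assumptions, and a PDO bound parameter is used in addition to the input validation the advisory describes.

```php
<?php
// Constructed in-memory database standing in for the application's DBMS.
// Table name, columns and rows are assumptions; the real schema is not on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO categories (id, name) VALUES (101, 'Wood screws'), (102, 'Machine screws')");

/**
 * Hypothetical hardened lookup for the raw `catid` request value.
 * Returns [httpStatus, body] and never echoes database errors to the client.
 */
function lookupCategory(PDO $pdo, $rawCatid): array
{
    // 1. Allow-list validation: catid must be a plain positive integer.
    $catid = filter_var($rawCatid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($catid === false) {
        return [400, 'Invalid category.'];
    }
    try {
        // 2. Bound parameter: the value travels as data, never concatenated into the SQL text.
        $stmt = $pdo->prepare('SELECT name FROM categories WHERE id = :catid');
        $stmt->bindValue(':catid', $catid, PDO::PARAM_INT);
        $stmt->execute();
        $name = $stmt->fetchColumn();
    } catch (PDOException $e) {
        // 3. Details go to the server log; the client sees a generic message only.
        error_log('category lookup failed: ' . $e->getMessage());
        return [500, 'An internal error occurred.'];
    }
    return $name === false ? [404, 'Category not found.'] : [200, $name];
}

// Constructed inputs: a valid id, the value shown in the advisory's PoC, and an unknown id.
foreach (['101', '101 and 1=0 union select database()', '999'] as $input) {
    [$status, $body] = lookupCategory($pdo, $input);
    printf("%-40s => %d %s\n", $input, $status, $body);
}
```

In a web handler the raw value would come from `$_GET['catid'] ?? null`, and the returned body should be HTML-escaped before output.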
Felipe "Renzi" Gabriel