SelfComposer CMS – SQL Injection - 体验盒子

作者： Locu

日期： 2010-05-14

类别：

webapps

平台：

asp

来源：https://www.exploit-db.com/exploits/12606/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

*==== =={ Advisory 14/5/2010 } ======*

*SQL injection vulnerability in SelfComposer CMS

*

*Vendor's Description of Software:*

*# http://www.selfcomposer.it*

*Dork:*

*allinurl:"prodotti.asp?idpadrerif="*

*Application Info:*

*Name: *SelfComposer

*Vulnerability Info:*

*Type: *SQL injection Vulnerability

*Risk: High*

*Fix:*

*N/A*

*Time Table:*

*06/05/2010 - Vendor notified.*

*Additional Info:*

All the input passed via "idprod", "idpadrerif", "idreferenza",

"idpadrerifIstituzionali"

is not properly sanitised before being used in a sql query.

*Solution:*

Input validation of "idprod", "idpadrerif", "idreferenza",

"idpadrerifIstituzionali"

parameters should be corrected.

*Vulnerability:*

# http://[site]/scheda.asp?idprod=[SQLi]&idpadrerif=[SQLi]

# http://[site]/schedaistituzionale.asp?idreferenza=[SQLi]&idpadrerifIstituzionali=[SQLi]

*Credit:*

Discoverd By: Locu

Website: http://xlocux.wordpress.com

Contacts: xlocux[-at-]gmail.com

*============ {EOF} =============*

*

*Locu*