WebAdministrator Lite CMS – SQL Injection

• Exploit Database
• 101 阅读

• 作者： Ariko-Security
  日期： 2010-02-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11579/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51

  ============ { Ariko-Security - Advisory #5/2/2010 } =============   SQL injection vulnerability in WebAdministrator Lite CMS     Vendor's Description of Software: # http://jskinternet.pl/portal/jsk/3/Oferta.html   Dork: # webadministrator lite   Application Info: # Name: WebAdministrator Lite CMS # Versions: LITE   Vulnerability Info: # Type: SQL injection Vulnerability # Risk: medium   Fix: # N/A   Time Table: # 25/02/2010 - Vendor notified. # 25/02/2010 - Vendor response "we will not release FIX for LITE, soon   new version"....     Input passed via the "s" parameter to download.php is not properly   sanitised before being used in a SQL query.   Solution: # Input validation of "s" parameter should be corrected.     Vulnerability: # http://[site]/download.php?s=[SQLi]&id=2324   Credit: # Discoverd By: MG # Website: http://Ariko-security.com # Contacts: support[-at-]ariko-security.com     Ariko-Security Maciej Gojny vuln@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)