Jaow 2.4.5 Blind SQL Injection

Type packetstorm
Reporter kallimero
Modified 2012-05-24T00:00:00


                                            `# Exploit Title: Jaow <= 2.4.5 Blind Sql Injection  
# Google Dork: intext:"propuls� par jaow 2.4.5"  
# Date: 23/05/2012  
# Software Link: http://www.jaow.net/telechargements/Jaow_V2.4.5.zip  
# Version: 2.4.5  
# Tested on: Debian GNU/Linux  
# Author: kallimero  
= Introduction =  
Jaow is a CMS that can manage sites of small sizes, thanks to its simple,  
commented code you can easily create templates and / or create modules to  
suit your needs. Jaow is the solution for small sites, blogs or portfolio.  
= Details =  
Unfortunately, a Blind SQL injection is possible in the 2.4.5 core.  
Vulnerable page : add_ons.php  
Extract from the source :  
-------------[ add_ons.php ]--------------  
// On stocke dans une variable simple le add_on demand�  
$add_on = stripslashes($_GET['add_ons']);  
// On recherche si l'add_on est install�  
echo 'SELECT id,nom FROM '.$db_prefix.'add_ons WHERE nom="'.$add_on.'"  
AND actif="1"';  
$query_add_ons = mysql_query('SELECT id,nom FROM '.$db_prefix.'add_ons  
WHERE nom="'.$add_on.'" AND actif="1"');  
-------------[ add_ons.php ]--------------  
So, we can inject sql with the add_ons variable, like that :  
http://[site]/[path]/add_ons.php?add_ons=[SQL injection]  
= Solutions =  
Update is avalaible here : http://www.jaow.net/Article-97  
= Thanks =  
Thanks to necromoine, fr0g, st0rn, applestorm, Zhyar, k3nz0, m4ke and all  
hwc-crew members. http://hwc-crew.com/  
And all npn members. http://n-pn.info/