Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRodrigo MarcosPACKETSTORM:65705
HistoryApr 21, 2008 - 12:00 a.m.

reddot-sql.txt

2008-04-2100:00:00
Rodrigo Marcos
packetstormsecurity.com
26

0.003 Low

EPSS

Percentile

63.2%

JSON
`RedDot CMS SQL injection vulnerability (CVE Number: CVE-2008-1613)  
  
http://www.irmplc.com/index.php/167-Advisory-026  
  
  
Vulnerability Type/Importance: SQL injection/Critical  
  
Problem Discovered: 12 February 2008  
Vendor Contacted: 19 February 2008  
Advisory Published: 21 April 2008  
  
  
Abstract:  
The RedDot CMS Product (http://www.reddot.com) is vulnerable to a pre-authentication SQL injection vulnerability which, when exploited, allows enumeration of all SQL database content.  
  
Description:  
The 'LngId' Parameter passed to IoRD.asp is responsible for assigning the language context for the CMS application. The vulnerability exists as a result of inadequate validation of user-supplied input within this parameter.  
  
  
Technical Details:  
Normal input for the 'LngId' parameter contains a code such as ENG, DEU, JP, denoting the language type. This parameter is not properly validated and the injection of SQL statements within it allows attackers unrestricted access to enumerate information from the database. For example:  
  
https://vulnerablehost.com:443/cms/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT min(name) FROM SYSOBJECTS where xtype=char(85) and name> '' ORDER BY 1;-- &DisableAutoLogin=1  
  
Proof of Concept:  
A Proof of Concept (RDdbenum.py) has been developed to automate enumeration of entire database content available from http://www.irmplc.com/Tools/RDdbenum.py  
  
  
Workaround / Solutions:  
There are no known workarounds for this vulnerability  
The Vendor has released a patch for this vulnerability, Release 7.5.1.86, available from normal Red Dot customer support contacts.  
  
  
Tested / Affected Versions:  
IRM confirmed the presence of this vulnerability in RedDot CMS version 7.5 Build 7.5.0.48, tested with Microsoft SQL Server 2005 database.  
It is believed that this issue exists in RedDot CMS versions 6.5 and 7.0; however this has not been fully verified.  
  
  
Credits:  
Research and Advisory: Mark Crowther and Rodrigo Marcos  
  
  
Disclaimer:  
All information in this advisory is provided on an 'as is' basis in the hope that it will be useful. Information Risk Management Plc is not responsible for any risks or occurrences caused by the application of this information.  
  
`

Related

securityvulns 2
cve 1
seebug 1
packetstorm 1
prion 1
securityvulns
securityvulns
[Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability
2008-04-21 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-04-21 00:00:00
cve
cve
CVE-2008-1613
2008-04-22 04:41:00
seebug
seebug
RedDot CMS ioRD.asp文件SQL注入漏洞
2008-04-24 00:00:00
packetstorm
packetstorm
RDdbenum.py.txt
2008-04-21 00:00:00
prion
prion
Sql injection
2008-04-22 04:41:00

0.003 Low

EPSS

Percentile

63.2%

JSON
Related for PACKETSTORM:65705
securityvulns2cve1seebug1packetstorm1prion1