CMS WebManager-Pro SQL Injection

2010-09-03T00:00:00
ID PACKETSTORM:93462
Type packetstorm
Reporter MustLive
Modified 2010-09-03T00:00:00

Description

                                        
                                            `Hello Bugtraq!  
  
I want to warn you about SQL Injection and Redirector (URL Redirector Abuse)  
vulnerabilities in CMS WebManager-Pro (SecurityVulns ID:11108). It's  
Ukrainian commercial CMS.  
  
SQL Injection:  
  
http://site/c.php?id=1%20and%20version()=5  
  
Redirector:  
  
http://site/c.php?id=1&url=http://websecurity.com.ua  
  
Affected products: both systems CMS WebManager-Pro from two developers.  
Vulnerable are versions CMS WebManager-Pro up to 8.1 (version from  
WebManager). Also SQL Injection (but not Redirector) exists in version of  
the system from FGS_Studio. Vulnerable are CMS WebManager-Pro v.7.4.3  
(version from FGS_Studio) and previous versions.  
  
Developers from WebManager fixed SQL Injection vulnerability (but didn't fix  
Redirector) in version CMS WebManager-Pro 8.1. Developers from FGS_Studio  
didn't fix SQL Injection vulnerability.  
  
I mentioned about these vulnerabilities at my site  
(http://websecurity.com.ua/4146/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua  
  
`