eazyCMS "page_id" SQL Injection Vulnerability


eazyCMS "page_id" SQL Injection Vulnerability author:r0t (hackers.by.lv) Date:18 nov. 2005 software: eazyCMS v2 vendor:http://www.eazycms.com/home.php?page_id=2 Software Description: eazyCMS offers the functionality that would, in a custom-made system, cost thousands or tens of thousands - and it's all available online through your browser - there is absolutely no software to install! eazyCMS offers a user-friendly WYSIWYG (What You See Is What You Get) page editor, so that you can see at-a-glance exactly how your pages will look when they appear on your site. There are plenty of functions for maintaining your site: You can create, copy, move and delete pages – You can start simple, using the eazy to use controls, then move on to the more advanced controls as and when you need to. Vuln. Description: Input passed to the "page_id" parameter in "home.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Solution: Edit the source code to ensure that input is properly sanitised. Greetings to :der4444, fredrau, waraxe ,g0df4th3r,RaZbH,cembo orginal advisory:http://pridels.blogspot.com/2005/11/eazycms-pageid-sql-injection.html