SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability

2011-11-02T00:00:00
ID ZSL-2011-5053
Type zeroscience
Reporter Gjoko Krstic
Modified 2011-11-02T00:00:00

Description

Title: SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability
Advisory ID: ZSL-2011-5053
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 02.11.2011

Summary

SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores for your clients.

Description

SetSeed CMS is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.

Vendor

SetSeed - <http://www.setseed.com>

Affected Version

5.8.20

Tested On

Microsoft Windows XP Pro SP3 (EN)
Apache 2.2.21
MySQL 5.5.16
PHP 5.3.8

Vendor Status

[04.11.2011] Vendor releases version 5.11.2 which does not affect this vulnerability.

PoC

setseed_sqli.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://www.exploit-db.com/exploits/18065/>
[2] <http://www.securityfocus.com/bid/50498>
[3] <http://packetstormsecurity.org/files/106527/ZSL-2011-5053.txt>
[4] <http://securityreason.com/wlb_show/WLB-2011110012>
[5] <http://secunia.com/advisories/46674/>
[6] <http://osvdb.org/show/osvdb/76801>
[7] <http://xforce.iss.net/xforce/xfdb/71128>
[8] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-5116>

Changelog

[02.11.2011] - Initial release
[03.11.2011] - Added reference [2], [3], [4] and [5]
[04.11.2011] - Added reference [6] and [7]
[04.11.2011] - Added vendor status.
[24.11.2012] - Added reference [8]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        
                                            &lt;html&gt;&lt;head&gt;&lt;title&gt;403 Nothing to see.&lt;/title&gt;
&lt;link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon"&gt;
&lt;style type="text/css"&gt;
&lt;!--
body {
	background-color: #000;
}
body,td,th {
	font-family: Verdana, Geneva, sans-serif;
}
a:link {
	color: #008FEF;
	text-decoration: none;
}
a:visited {
	color: #008FEF;
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
	color: #666;
}
a:active {
	text-decoration: none;
}
--&gt;
&lt;/style&gt;
&lt;/head&gt;
&lt;body bgcolor=black&gt;
&lt;center&gt;
&lt;font color="#7E88A3" size="2"&gt;
&lt;br /&gt;&lt;br /&gt;
&lt;h1&gt;403 Nothing to see.&lt;/h1&gt;

You do not have the powah for this request /403.shtml&lt;br /&gt;&lt;br /&gt;
&lt;font size="2"&gt;&lt;a href="https://www.zeroscience.mk"&gt;https://www.zeroscience.mk&lt;/a&gt;&lt;/font&gt;
&lt;/font&gt;&lt;/center&gt;
&lt;/body&gt;&lt;/html&gt;