Document Title:
===============
los818 CMS 2016 Q1 - SQL Injection Web Vulnerability


References (Source):
====================
http://ift.tt/1TneuGC


Release Date:
=============
2016-01-27


Vulnerability Laboratory ID (VL-ID):
====================================
1680


Common Vulnerability Scoring System:
====================================
7.3


Product & Service Introduction:
===============================
Solutions818 is an IT-enabled outsourcing services and solutions company established in 2006. Sol818 focuses on providing reliable, cost-effective, value-added services in Web hosting, Data entry and Processing, Software development, Graphic Design, Web Design and development, Database support, Multimedia, SEO, Networking & E-Commerce to global clients in different industries.

(Copy of the Vendor Homepage: http://ift.tt/1QCSDdn )


Abstract Advisory Information:
==============================
An independent vulnerability laboratory research group discovered a SQL injection web vulnerability in the official los818 Content Management System (2016-Q1).


Vulnerability Disclosure Timeline:
==================================
2016-01-27: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
los818
Product: Content Management System 2016 Q1


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Technical Details & Description:
================================
A remote SQL injection web vulnerability has been discovered in the official los818 Content Management System (2016-Q1). The vulnerability allows remote attackers to execute their own SQL commands to compromise the web-application or the connected DBMS.

The SQL injection web vulnerability is located in the id value of the paper-name PHP files ([PAPER-NAME].php). The request method used to inject is GET and the attack vector of the issue is located on the application-side. Remote attackers are able to inject their own SQL commands to compromise the web-application or the connected database management system.

The security risk of the SQL injection vulnerability is estimated as high with a CVSS (Common Vulnerability Scoring System) count of 7.3. Exploitation of the remote SQL injection web vulnerability requires no user interaction and no privileged web-application user account. Successful exploitation of the remote SQL injection results in database management system, web-server and web-application compromise.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] [PAPER-NAME].php (dinning.php, productdetail.php, category.php, partners.php, newsdetail.php)

Vulnerable Parameter(s):
[+] id


Proof of Concept (PoC):
=======================
The remote SQL injection web vulnerability can be exploited by remote attackers without a privileged web-application user account or user interaction. For security demonstration or to reproduce the vulnerability, follow the provided information and steps below.

Dork(s):
intext:Powered by sol818 inurl:.php?id=

PoC: Example
/[PAPER-NAME].php?id=[SQL-Injection Vulnerability!
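
For site operators reviewing their own logs, the following is an added example (not part of the original advisory and not vendor code) that flags requests to the files listed above whose id query value is not a plain integer. It assumes common/combined access-log format and that legitimate id values are short decimal integers; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages the advisory lists as carrying the injectable id parameter.
AFFECTED = {"dinning.php", "productdetail.php", "category.php",
            "partners.php", "newsdetail.php"}

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: a legitimate id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_id_requests(log_lines):
    """Return (line_no, page, decoded_id) for each request to an affected
    page that carries an id value which is not a plain integer."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        page = url.path.rsplit("/", 1)[-1].lower()
        if page not in AFFECTED:
            continue
        # The HTTP method is not filtered: PHP fills $_GET from the query
        # string on any method. parse_qs percent-decodes the values, so
        # encoded input is checked in its decoded form.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not VALID_ID.fullmatch(value):
                hits.append((line_no, page, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jan/2016:10:00:01 +0000] "GET /productdetail.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Jan/2016:10:00:05 +0000] "GET /productdetail.php?id=42%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [27/Jan/2016:10:02:11 +0000] "GET /shop/category.php?id=abc&page=2 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [27/Jan/2016:10:03:00 +0000] "GET /index.php?id=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a non-integer value reached one of the affected pages; whether the query was altered has to be confirmed from application or database logs.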