Document Title:
===============
Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities


References (Source):
====================
http://ift.tt/1TBuh5p


Release Date:
=============
2016-04-06


Vulnerability Laboratory ID (VL-ID):
====================================
1816


Common Vulnerability Scoring System:
====================================
7.4


Product & Service Introduction:
===============================
Quicksilver VoHo Concept4E CMS v1.0 is a commercial content management system for Energy, Ecology, Environment or Entertainment. The CMS is produced by the QuicksilverHQ VoHo company in India.

(Copy of the Vendor Homepage: http://ift.tt/1Ygah7s )


Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered multiple SQL injection vulnerabilities in the Quicksilver VoHo Concept4E v1.0 Content Management System.


Vulnerability Disclosure Timeline:
==================================
2016-04-06: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
Quicksilver HQ
Product: Quicksilver VoHo Concept4E - Content Management System 1.0


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Technical Details & Description:
================================
A remote SQL injection web vulnerability has been discovered in the Quicksilver VoHo Concept4E v1.0 Content Management System. The vulnerability allows remote attackers to execute their own SQL commands to compromise the web-application or the connected DBMS.

The SQL injection vulnerability is located in the `contentid` and `page` values of the `members.php`, `news.php`, `index.php`, `index2.php`, `updates.php` or `contacts.php` files. Remote attackers are able to execute SQL commands by injecting malicious statements via a GET method request. The vulnerability is located on the application-side of the online service. The injection points are the page and contentid values in the vulnerable *.php files. The security vulnerability is a classic order by SQL injection bug in the page and id parameter.

The security risk of the SQL injection vulnerability is estimated as high with a CVSS (Common Vulnerability Scoring System) count of 7.4. Exploitation of the remote SQL injection web vulnerability requires no user interaction or privileged web-application user accounts. Successful exploitation of the remote SQL injection results in database management system, web-server and web-application compromise.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] members.php
[+] news.php
[+] index.php
[+] updates.php
[+] contacts.php
[+] index2.php

Vulnerable Parameter(s):
[+] contentid
[+] page


Proof of Concept (PoC):
=======================
The remote SQL injection web vulnerability can be exploited by remote attackers without user interaction or privileged web-application user accounts. For security demonstration or to reproduce the vulnerability, follow the provided information and steps below.

Dork(s):
intext:Powered by Quicksilver VoHo
inurl:.php?contentid=

PoC: Exploitation
http://localhost:8080/members.php?contentid=login'[SQL-INJECTION VULNERABILITY!]
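
Added example (not part of the original advisory, and not vendor code): a log check that flags GET requests to the affected files whose `contentid` or `page` value falls outside an allow-list. The function name, the allow-list pattern (short alphanumeric tokens such as `login`) and the common/combined access-log format are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Files and parameters named in the advisory.
AFFECTED_FILES = {"members.php", "news.php", "index.php", "index2.php",
                  "updates.php", "contacts.php"}
AFFECTED_PARAMS = {"contentid", "page"}

# Assumption: legitimate values are short tokens such as "login" or "12".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(file, param, decoded_value)] for affected parameters whose
    value is outside the allow-list; an empty list means nothing was flagged."""
    m = REQUEST.search(log_line)
    if not m or m.group("method") != "GET":
        return []
    url = urlsplit(m.group("target"))
    filename = url.path.rsplit("/", 1)[-1].lower()
    if filename not in AFFECTED_FILES:
        return []
    hits = []
    # parse_qsl percent-decodes, so an encoded quote (%27) is seen as "'".
    for name, value in parse_qsl(url.query):
        if name.lower() in AFFECTED_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((filename, name.lower(), value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Apr/2016:10:00:01 +0000] "GET /members.php?contentid=login HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Apr/2016:10:00:07 +0000] "GET /members.php?contentid=login%27 HTTP/1.1" 500 312',
    '198.51.100.4 - - [06/Apr/2016:10:01:30 +0000] "GET /news.php?page=2%27 HTTP/1.1" 200 4801',
    '198.51.100.4 - - [06/Apr/2016:10:02:11 +0000] "GET /about.php?page=x%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for filename, param, value in suspicious_params(line):
            print(f"{filename}: {param}={value!r}")
```

The same allow-list, applied in the application before the value reaches a query, rejects these requests outright; the log check only shows which ones were attempted.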