
MAXDEV CMS Multiple vulnerabilities



Full Path disclosure
---------------------
This hole exists because the file includes/legacy.php is not protected against direct access.

PoC :
http://site.co.id/maxdev/includes/legacy.php 

Fix :
Turning off error display (display_errors) in php.ini fixes this security issue.

Blind sql inject
-----------------
This hole exists because no input filtering is applied to the $topicid variable in the file modules/Topics/pnuserapi.php.

PoC :
http://site.co.id/maxdev/index.php?module=Topics&func=display&topicid=0 AND 1=0 
http://site.co.id/maxdev/index.php?module=Topics&func=display&topicid=0 AND 1=1 

Fix :
MAXDEV CMS has a filtering script to protect all requests, but I'm too lazy to analyze the code, so I just added this code in modules/Topics/pnuserapi.php:

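// Reject any request whose topicid is not numeric before it reaches the query.
if (isset($_GET['topicid']))
{
        $topicid = $_GET['topicid'];
        validate($topicid);
}

// Stop the request when the value is not numeric.
function validate($char)
{
        if (!is_numeric($char))
        {
                die("i have received an error request");
        }
}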
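
The check above relies on is_numeric(), which also accepts values such as 1e3, 1.5 and -1. A stricter variant follows as an added example that is not part of the original advisory or of MAXDEV CMS: it accepts only decimal digits and passes the id to the database as a bound parameter. The topics table, its columns, the helper names and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example, not MAXDEV CMS code. The topics table, its columns and both
// helper names are hypothetical; in-memory SQLite stands in for the CMS database.

// Accept only 1-9 decimal digits. is_numeric() would also pass "1e3", "1.5", "-1".
function parse_topic_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;                 // also rejects arrays such as topicid[]=1
    }
    return (int) $raw;
}

// Bind the id as an integer parameter so it never becomes part of the SQL text.
function fetch_topic(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT topicid, topicname FROM topics WHERE topicid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (topicid INTEGER PRIMARY KEY, topicname TEXT)');
$db->exec("INSERT INTO topics VALUES (1, 'News'), (2, 'Security')");

// Constructed inputs: a valid id, the two values from the PoC above, forms that
// is_numeric() lets through, and an array parameter.
foreach (['1', '0 AND 1=0', '0 AND 1=1', '1e3', '1.5', '-1', ['1']] as $raw) {
    $shown = is_array($raw) ? 'array' : $raw;
    $id = parse_topic_id($raw);
    if ($id === null) {
        echo "reject  $shown\n";     // in the CMS: answer with HTTP 400 and stop
        continue;
    }
    $row = fetch_topic($db, $id);
    echo "accept  $shown -> " . ($row['topicname'] ?? 'no such topic') . "\n";
}
```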
