
1024 CMS Blind SQL Injection Vulnerability



##########################www.BugReport.ir######################################## 
#
#        AmnPardaz Security Research Team
#
# Title:                 1024CMS Blind SQL Injection Vulnerability
# Vendor:                http://www.1024cms.org/
# Vulnerable Version:    2.1.1 (Latest version till now)
# Exploitation:          Remote with browser
# Fix:                   N/A
###################################################################################

####################
- Description:
####################

1024CMS is a PHP-based CMS which uses MySQL as its backend DBMS. It
supports forums, downloads, search capability, BB code capability,
gallery, chat and RSS services.


####################
- Vulnerability:
####################

+--> Blind SQL Injection
    The RSS page (rss.php) is vulnerable to SQL injection. The GET
    variable 'id' is not sanitized correctly before it is used in the
    SQL query. This hole can be used to extract the admin password.
    For details see the 'Exploits' section.

####################
- Exploits/PoCs:
####################

http://www.bugreport.ir/69/exploit.htm 

####################
- Solution:
####################

Remove rss.php and wait for the vendor to fix the bug, or escape the GET
parameter in rss.php using the vendor's string-escaping function
'quote_smart', as is done in all of the other files.
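
One way to harden a numeric parameter such as 'id', given as an added example (not 1024CMS code and not part of the original advisory). It uses integer validation and a bound query parameter rather than quote_smart, whose source is not shown here. The function fetch_feed_items(), the feed_items table and its columns are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the feed lookup in rss.php; the real schema
// is not shown in the advisory.
function fetch_feed_items(PDO $db, $rawId): array
{
    // 1. Accept only a positive decimal integer. filter_var() returns false
    //    for anything else, including a number followed by extra text.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    // 2. Bind the value instead of concatenating it into the statement,
    //    so it is always treated as data and never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT title FROM feed_items WHERE category_id = :id ORDER BY title'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data (assumption: SQLite in memory instead of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feed_items (category_id INTEGER, title TEXT)');
$db->exec("INSERT INTO feed_items VALUES (1, 'First post'), (1, 'Second post'), (2, 'Other')");

// Constructed inputs: two well-formed ids and several malformed ones.
foreach (['1', '2', '1 OR 1=1', "1'", '', '-5', '1.0'] as $input) {
    try {
        $titles = fetch_feed_items($db, $input);
        printf("%-12s => %s\n", var_export($input, true), implode(', ', $titles));
    } catch (InvalidArgumentException $e) {
        printf("%-12s => rejected (%s)\n", var_export($input, true), $e->getMessage());
    }
}
```

Escaping alone does not protect a value that is placed in a query without surrounding quotes, which is why the numeric case is validated and bound here.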

####################
- Original Advisory:
####################

http://www.bugreport.ir/index_69.htm 

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir 
www.AmnPardaz.com 

