
NCM.at - Content Management System malformed http possible exploit



    NCM.at - Content Management System


    Roland Aigner found the following. With specific malformed HTTP
    requests, direct access to the content database is possible. If a
    request variable contains an additional character that the database
    server in use does not recognize, the complete SQL error is shown in a


    Playing this game further, it is possible to exploit this database
    as follows:


    This uses the database information displayed in the error box (the
    one returned for the first URL) to obtain all records.

    With a suitable SQL server (such as MS SQL) it should be possible
    (but untested) to use a nested SQL query to even drop the database
    (or the content table).

    It looks like the "=" character is already filtered out, so we had
    to use a > or < to get the entries.


    Filter out all comparison characters and suppress SQL error displays
    on actual production websites. Answer from them on 2001/04/11: bugs
    fixed, customers should get new version
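Added example, not code from the advisory or from NCM.at: the two fixes asked for above (no SQL built from request variables, no SQL error text shown to the client) written as a small Python/sqlite3 request handler. The content table, its columns and the sample rows are constructed assumptions standing in for the CMS database.

```python
import logging
import sqlite3

log = logging.getLogger("cms")


def make_db():
    """Constructed in-memory stand-in for the CMS content table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)",
                     [(1, "Home", "Welcome"), (2, "News", "Release notes")])
    return conn


def lookup_content(conn, raw_id):
    """Fetch one record by the id taken from the request variable.

    The value is validated as an integer and bound as a parameter, so
    comparison characters in the request can only arrive as data, never
    as SQL.  No single-character blocklist (like the '=' filter the
    advisory found) is relied on.
    """
    try:
        page_id = int(raw_id)
    except ValueError:
        return None
    return conn.execute("SELECT id, title, body FROM content WHERE id = ?",
                        (page_id,)).fetchone()


def find_by_title(conn, title):
    """Same principle for a string field: the whole title is one bound value."""
    return conn.execute("SELECT id, title, body FROM content WHERE title = ?",
                        (title,)).fetchone()


def handle_request(conn, query):
    """Return (status, body) for a parsed query string.

    Database errors are logged server-side and replaced by a generic
    message, so the SQL error text never reaches the client.
    """
    try:
        row = lookup_content(conn, query.get("id", ""))
    except sqlite3.Error as exc:
        log.error("database error for request %r: %s", query, exc)
        return 500, "An internal error occurred."
    if row is None:
        return 404, "Not found."
    return 200, f"{row[1]}: {row[2]}"
```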
