by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

Nephp Publisher v4.5.x SQL inj. vuln.

Nephp Publisher v4.5.x SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 28 nov. 2005
Vendor:www.nelogic.com/cms/07-11-2005/19-nephp-publisher.html
affected version:v4.5.2 and prior

Product Description:
a perfect solution for web publishing like an online magazine or media websites. It works also as Content Management System that are easy to install and manage. It works as a core application and let you develop your own desired website. By modifying its templates, nephp can become a multi-purpose software. For example: News Publishing, Product Reviews, Content Manager System (CMS), Lyric Engine, etc ....


Vuln. description:
Input passed to the "id" and "nnet_catid" parameters isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:
/index.html?m=comments&id=[SQL]
/index.html?m=show&id=1[SQL]
/index.html?m=search&opt=search_proceed&keywords
=175&nnet_uid=1&nnet_catid=[SQL]


Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew