by r0t,der4444,cembo,VietMafia

Saturday, December 17, 2005

Direct News SQL inj.

Direct News SQL inj.

Vuln. discovered by : r0t
Date: 17 dec. 2005
vendor: http://www.direct-news.net
affected version: 4.9 and prior


Product Description:

Direct News 4.9 is an easy-to-use CMS based on php-mysql. Its real goal is the simplicity and usability, in order to be used by all.In addition to the Wysiwyg editor, navigation-management, image library and image tools, Direct News 4.9 comes with a new Macromedia Flash compatibility.
Direct News is one of the few CMS to offers you the ability to manage directly your flash animations contents through the very easy interface of Direct News.
Direct News improve your Search Engine Optimization, by rewriting the links and allowing you to describe your content as you want.
Of course, Direct News can manage a shopping cart, and multiple languages websites (with chinese, russian..and others) and administration interfaces. Direct News is also available in a smaller-limited version.


Vuln. Description:

Direct News contains a flaw that allows a remote sql injection attacks.Input passed to the "setLang" and search module paremters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code

example:
/?setLang=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew