by r0t,der4444,cembo,VietMafia

Monday, December 19, 2005

Miraserver SQL vuln.

Miraserver SQL vuln.

Vuln. discovered by : r0t
Date: 19 dec. 2005
vendor:http://www.miraserver.com
affected version: Miraserver v.1.0 RC4 and prior


Product Description:

MiraServer is a content management system aimed to ease the task of web content delivery and management for large content portals, but has the flexibility to handle smaller sites as well. It can handle web pages, articles, news headlines and FAQs. Among its features are WYSIWYG editing, integrated user comment system, optional vBulletin integration, full template-control system, file attachments and much more.



Vuln. Description:


Miraserver contains a flaw that allows a remote sql injection attacks.Input passed to the "page" parameter in "index.php" and "id" parameter in "newsitem.php" and "cat" parameter in "article.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code

examples:

/index.php?page=[SQL]
/newsitem.php?id=[SQL]
/article.php?cat=[SQL]


Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew