by r0t,der4444,cembo,VietMafia

Wednesday, December 21, 2005

SpireMedia CMS SQL inj. vuln.

Vuln. discovered by: r0t
Date: 21 dec. 2005
Vendor: http://www.spiremedia.com/
Affected version: mx7


Product Description:

The SpireMedia CMS is an enterprise class Content Management System for managing Websites, Intranets, and Extranets. It runs under the ColdFusion application server and is platform neutral. The system is component-based, allowing object properties to be extended via custom components, and provides support for many applications such as message boards, calendaring, tech tips, user contributed content, etc. The SpireMedia CMS is currently deployed for such companies as Steamboat Ski and Resort, United Agri Products, GE Johnson Construction, Rocky Mountain Clothing Company, Qwest Incredible Internet, and many others.

Vuln. Description:

SpireMedia CMS contains a flaw that allows remote SQL injection attacks. Input passed to the "cid" parameter in "index.cfm" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Solution:
Edit the source code to ensure that input is properly sanitised.
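
The fix described above, as an added example (not SpireMedia's code, which is ColdFusion and is not shown on this page): a Python/sqlite3 stand-in for a handler that looks up a page by "cid", with the concatenated query beside a version that validates the type and binds the value. The `content` table, its rows, the error text and all function names are assumptions made for the illustration.

```python
import sqlite3

NOT_FOUND = "page not found"  # constructed generic error text


def make_db():
    """Constructed in-memory stand-in for the CMS content table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (cid INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO content VALUES (?, ?)",
                   [(1, "Home"), (2, "About")])
    return db


def page_unsafe(db, cid):
    """'Before' pattern: request text is pasted into the SQL string."""
    row = db.execute("SELECT title FROM content WHERE cid = " + cid).fetchone()
    return row[0] if row else NOT_FOUND


def parse_cid(raw):
    """Accept only a short run of ASCII digits; anything else is None."""
    if isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9:
        return int(raw)
    return None


def page_safe(db, raw_cid):
    """Hardened pattern: validate the type first, then bind the value."""
    cid = parse_cid(raw_cid)
    if cid is None:
        return NOT_FOUND  # rejected before any SQL statement is built
    row = db.execute("SELECT title FROM content WHERE cid = ?", (cid,)).fetchone()
    return row[0] if row else NOT_FOUND


def unsafe_raises_db_error(db, raw_cid):
    """True when the concatenated query fails inside the database engine."""
    try:
        page_unsafe(db, raw_cid)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    for probe in ("2", "99", "'"):  # valid id, unknown id, lone quote
        print(repr(probe), "->", page_safe(db, probe),
              "| unsafe raises DB error:", unsafe_raises_db_error(db, probe))
```

An error raised by the database engine means the request text reached the SQL parser; the hardened handler never passes non-numeric input that far.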

5 Comments:

Blogger --twb told...

No arbitrary SQL can be run by altering a cid in the URL - the application produces the following error when confronted with an invalid cid:

Oops! We could not find the page you are trying to access.

Thanks for looking at the application, though!

--twb

5:30 AM

 
Anonymous Anonymous told...

http://www.spiremedia.com/spiremedia2k5/index.cfm?cid='

6:37 AM

 
Blogger --twb told...

Once again - no SQL is executed - the application server is throwing an incorrect datatype exception and code execution terminates. No information regarding even what type of database is in use is displayed.

4:49 PM

 
Blogger --twb told...

The application now displays a prettier page under such error conditions.

4:54 PM

 
Anonymous Anonymous told...

Note that all reputable security firms have retired this post as false [ http://www.securityfocus.com/bid/16039 ]

5:45 AM

 

 
Copyright (c) 2006 Pridels Sec Crew