Friday, 16 September 2016

SQL injection in latest e107 CMS

The bug exists in the admin panel. It can be exploited only when you have admin credentials. Full details are described below...

In the meantime I was doing some black-box testing of e107 CMS (latest version to date: e107_2.1.1_full.zip). While testing the admin panel, I found that it's vulnerable to SQL injection. The full request is below:

I verified it (with sqlmap) like this:

It seems that the vulnerable parameter is pagelist:

The request is accessible from this menu:

I think that the bug exists here:

The vendor was notified, but to this day (16.09) I have not received any response.


