ndCMS Sql Injection Vulnerability

background image

Abysssec Research

1) Advisory information

Title : ndCMS Sql Injection Vulnerability
Affected : ndCMS(Nickel and Dime CMS) v0.4rc1
Discovery :

www.abysssec.com

Vendor :

http://souurceforge.net/projects/ndcms-net

Impact : Critical

Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec

2) Vulnerability Information

Class

1- SQL Injection

Exploiting this issue could allow an attacker to compromise the application, access

or modify data, or exploit latent vulnerabilities in the underlying application.

Remotely Exploitable

Yes

Locally Exploitable

No

background image

3) Vulnerabilities detail

1- SQL Injection:

This version of ndCMS has SQL Injection Vulnerability that its Database is Access with Table of Users
tblUSERS Columns: userid , passwd.

Vulnerable Code:

.../express_edit/editor.aspx
Ln 65:
dbr = db.ExecuteReader("Select * from tblPAGES WHERE indx=" + Request.Params["indx"]);
And so on.


Wyszukiwarka

Podobne podstrony:
ASP Nuke Sql Injection Vulnerability
JE CMS 1 0 0 Bypass Authentication by SQL Injection Vulnerability
eshtery CMS Sql Injection Vulnerability
SQL Injection
Inzynieria sql injection
SQL Injection dla amatorów
Easy Method Blind SQL Injection
What is a BLIND SQL Injection
SQL injection tutorial
transakcyjny SQL
06 podstawy SQL 3id 6524 ppt
BOSCH HDI EDC15C2 injection system (2)
Oracle Database 11g i SQL Programowanie or11pr
BAZY DANYCH SQL (2)
Środki stylistyczne i rodzaje rymów - powtórzenie wiadomości., Sql, Projekty, prace domowe, dodatkow
ściąga z ang, Sql, Ściągi

więcej podobnych podstron