High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Ecomat CMS which could be exploited to perform cross-site scripting attacks and execute arbitrary SQL commands in the application's database.
Cross-site scripting (XSS) vulnerability in Ecomat CMS: CVE-2010-5030
The vulnerability exists due to an input sanitization error in the "lang" parameter in index.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
http://host/index.php?type=web&lang=xx"+onmouseover=alert(123)+style=position:absolute;left:0;top:0;width:100%;height:100%+&show=25&mhs=0
SQL injection vulnerability in Ecomat CMS: CVE-2010-5029
The vulnerability exists due to an input sanitization error in the "show" parameter in index.php. A remote attacker can send a specially crafted HTTP GET request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
Exploitation example:
http://host/index.php?type=web&lang=de&show=-1+union+select+user()+--+&mhs=0
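Both issues come down to index.php accepting values for "lang" and "show" that do not fit their expected shape (a short language code and a numeric value). The following detection script is an added example, not part of the advisory or of Ecomat CMS: it scans constructed web-server access-log lines (hypothetical client addresses and timestamps) for requests to index.php whose "lang" or "show" values fall outside an allow-list, which catches both request shapes described above.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (hypothetical addresses and timestamps).
# Line 1 is a normal request; lines 2 and 3 follow the two request shapes
# described in the advisory, with the double quote URL-encoded as %22.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2011:10:00:00 +0000] "GET /index.php?type=web&lang=de&show=25&mhs=0 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2011:10:00:01 +0000] "GET /index.php?type=web&lang=xx%22+onmouseover=alert(123)+style=position:absolute;left:0;top:0;width:100%25;height:100%25+&show=25&mhs=0 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2011:10:00:02 +0000] "GET /index.php?type=web&lang=de&show=-1+union+select+user()+--+&mhs=0 HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')
LANG_RE = re.compile(r"^[a-z]{2}$")   # allow-list: a two-letter language code
SHOW_RE = re.compile(r"^\d+$")        # allow-list: a non-negative integer

def check_request(path):
    """Return (parameter, raw_value) findings for one request path whose
    lang or show value does not match the allow-list for index.php."""
    parts = urlsplit(path)
    if parts.path != "/index.php":
        return []
    findings = []
    # Split on '&' only, so ';' inside a value is kept as part of that value.
    for pair in parts.query.split("&"):
        key, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if key == "lang" and not LANG_RE.match(value):
            findings.append(("lang", raw))
        elif key == "show" and not SHOW_RE.match(value):
            findings.append(("show", raw))
    return findings

def scan_log(text):
    """Return (line_number, parameter, raw_value) for every suspicious request."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if m:
            for param, raw in check_request(m.group("path")):
                hits.append((n, param, raw))
    return hits

if __name__ == "__main__":
    for n, param, raw in scan_log(SAMPLE_LOG):
        print(f"line {n}: unexpected value for {param}: {raw}")
```

The same allow-list checks, applied server-side before the values reach the HTML output or the SQL query, are the fix the advisory implies: reject anything that is not a language code or an integer rather than trying to strip dangerous characters.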