
UK One Media CMS (id) Error Based SQL Injection Vulnerability

Critical
Advisory ID: ZSL-2010-4942
Release Date: 19 June 2010
Vendor:
Affected Version: N/A
CVE: N/A
Tested On: Apache 2.x (linux), PHP/5.2.11, MySQL/4.1.22
Summary

Content Management System (PHP+MySQL).

Description

UK One Media CMS suffers from an SQL injection vulnerability when parsing the query from the id parameter, which results in compromising the entire database structure and executing system commands.

GET .../viewArticle.php?id=xx%27

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/lqwrm/public_html/xxx/include/DbConnector.php on line xx.
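
A detection sketch for the behaviour described above, added here and not part of the original advisory or the vendor's code: it flags requests to viewArticle.php whose decoded id is not a plain integer and finds the quoted mysql_fetch_array() warning in a PHP error log. The log lines, client addresses, the /cms/ and /var/www/ paths and the line numbers are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache access-log lines (sample data, not from the advisory).
ACCESS_LOG = [
    '203.0.113.5 - - [19/Jun/2010:10:01:02 +0000] "GET /cms/viewArticle.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Jun/2010:10:01:07 +0000] "GET /cms/viewArticle.php?id=12%27 HTTP/1.1" 200 412',
    '203.0.113.9 - - [19/Jun/2010:10:01:09 +0000] "GET /cms/viewArticle.php?id=%31%32 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Jun/2010:10:02:00 +0000] "GET /cms/index.php?id=abc HTTP/1.1" 200 900',
    '203.0.113.9 - - [19/Jun/2010:10:02:30 +0000] "GET /cms/viewArticle.php HTTP/1.1" 200 300',
]
# Constructed PHP error-log lines; only the warning text is taken from the advisory.
ERROR_LOG = [
    "[19-Jun-2010 10:01:07] PHP Warning:  mysql_fetch_array(): supplied argument is not "
    "a valid MySQL result resource in /var/www/cms/include/DbConnector.php on line 40",
    "[19-Jun-2010 10:03:00] PHP Notice:  Undefined index: page in /var/www/cms/index.php on line 12",
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WARNING = "mysql_fetch_array(): supplied argument is not a valid MySQL result resource"


def suspicious_requests(lines, script="viewArticle.php", param="id"):
    """Return (client, decoded value) for requests whose id is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes, so id=12%27 is compared as "12'".
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group(1), value))
    return hits


def error_signatures(lines):
    """Return error-log lines carrying the warning quoted in the advisory."""
    return [line for line in lines if WARNING in line]


if __name__ == "__main__":
    for client, value in suspicious_requests(ACCESS_LOG):
        print(f"non-integer id from {client}: {value!r}")
    print(f"{len(error_signatures(ERROR_LOG))} matching PHP warning(s)")
```

Matching on the decoded value means a percent-encoded but purely numeric id (such as %31%32) is not reported, while an empty or quoted id is.
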
Proof of Concept
Disclosure Timeline
24.05.2010 Vulnerability discovered.
30.05.2010 Vendor informed.
19.06.2010 No reply from vendor. Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
19.06.2010 Initial release
20.06.2010 Added reference [3], [4], [5], [6] and [7]
16.08.2010 Added reference [8]