← Advisories

TutorialMS v1.4 (show) Remote SQL Injection Vulnerability

Medium
Advisory ID
ZSL-2011-5007
Release Date
05 April 2011
Vendor
TutorialMS.com - http://www.tutorialms.com
Affected Version
1.4
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41
Summary

TutorialMS is a free content management system, developed specifically for tutorial pages. It is written in PHP and uses MySQL as a database. TutorialMS offers all the usual features you need to build quick and easy your own tutorial page, without great programming knowledge.

Description

Input passed via the 'show' parameter to the 'includes/classes/tutorial.php' script is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Proof of Concept
tutorialms_sql.txtTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/17123/
[2]http://www.securityfocus.com/bid/47178
[3]http://packetstormsecurity.org/files/100113
[4]http://secunia.com/advisories/44000/
[5]http://www.1337day.com/exploits/15792
[6]http://securityreason.com/wlb_show/WLB-2011040037
[7]http://securityreason.com/exploitalert/10292
[8]http://xforce.iss.net/xforce/xfdb/66577
[9]http://osvdb.org/show/osvdb/71562
Changelog
05.04.2011Initial release
06.04.2011Added reference [1], [2], [3], [4] and [5]
07.04.2011Added reference [6], [7] and [8]
13.04.2011Added reference [9]