
web@all CMS 2.0 (_order) SQL Injection Vulnerability

Medium
Advisory ID
ZSL-2012-5099
Release Date
23 August 2012
Vendor
Affected Version
2.0
CVE
N/A
Tested On
Microsoft Windows 7 Ultimate SP1 (EN), Apache 2.4.2 (Win32), PHP 5.4.4, MySQL 5.5.25a
Summary

web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything.

Description

The application suffers from an SQL Injection vulnerability. Input passed via the GET parameter '_order' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
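
A defensive pattern for this class of bug, as an added example that is not code from web@all or from this advisory: it assumes `_order` selects the sort column of a listing query. The `articles` table, its columns, the `_dir` parameter and the function names are hypothetical; it targets PHP 7.1+ with PDO and the pdo_sqlite driver.

```php
<?php
// Added example, not web@all code. Assumption: `_order` picks the sort
// column of a listing query. Table, columns and rows are constructed.

// Identifiers cannot be bound as prepared-statement parameters, so the
// request value is only ever used as a key into this fixed map.
const SORTABLE = [
    'title'   => 'title',
    'created' => 'created_at',
    'author'  => 'author',
];

function buildOrderBy(?string $order, ?string $dir): string
{
    // Unknown or missing keys fall back to a default column;
    // the raw request value is never concatenated into the SQL text.
    $column    = SORTABLE[$order ?? ''] ?? 'created_at';
    $direction = strtoupper((string) $dir) === 'ASC' ? 'ASC' : 'DESC';
    return "ORDER BY $column $direction";
}

function listArticles(PDO $db, array $query): array
{
    $sql = 'SELECT id, title FROM articles WHERE published = :pub '
         . buildOrderBy($query['_order'] ?? null, $query['_dir'] ?? null);
    $stmt = $db->prepare($sql);
    $stmt->execute([':pub' => 1]); // values still go through bound parameters
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT,
    author TEXT, created_at TEXT, published INTEGER)');
$db->exec("INSERT INTO articles (title, author, created_at, published) VALUES
    ('Beta', 'ann', '2012-08-01', 1), ('Alpha', 'bob', '2012-08-02', 1)");

// A key from the map sorts by the mapped column: Alpha, then Beta.
print_r(listArticles($db, ['_order' => 'title', '_dir' => 'asc']));
// A value outside the map (constructed) is ignored; the default sort applies.
print_r(listArticles($db, ['_order' => 'not_a_column', '_dir' => 'x']));
```

Logging requests whose `_order` value is not a key of the map gives a cheap detection signal for probing of this parameter.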

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
23.08.2012 Initial release
24.08.2012 Added reference [3], [4] and [5]
26.08.2012 Added reference [6]
27.08.2012 Added reference [7]
11.11.2012 Added reference [8]