GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit

Medium
Advisory ID: ZSL-2015-5232
Release Date: 10 March 2015
Vendor:
Affected Version: 0.0.1
Tested On: nginx/1.4.6 (Ubuntu), Apache 2.4.10 (Win32), PHP 5.6.3, MySQL 5.6.21
Summary

GeniXCMS is a PHP-based Content Management System and Framework (CMSF). It is a simple and lightweight CMSF, well suited to intermediate and advanced PHP developers. Some manual configuration is needed to make the application work.

Description

Input passed via the 'page' GET parameter and the 'username' POST parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
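The following is an added illustration, not code from GeniXCMS or from the advisory's author: it shows the class of defect the description refers to (request input concatenated into SQL text) next to the parameterised form that removes it. Table and column names, the slug alphabet used for the 'page' whitelist, and the connection details are all assumptions; the code targets the PHP 5.6 line named under "Tested On".

```php
<?php
// Added illustration, not GeniXCMS code. Table and column names are assumptions.

// Unsafe pattern: request input is concatenated into the query text, so the
// input can alter the structure of the query rather than only supply a value.
function load_page_unsafe(PDO $db, array $get) {
    $page = isset($get['page']) ? $get['page'] : '';
    $sql  = "SELECT id, title, content FROM pages WHERE slug = '" . $page . "'";
    $row  = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row : null;
}

// Hardened: the query text is fixed and the value travels as a bound
// parameter, so the database always treats it as data. The whitelist in front
// of it is an extra layer; the slug alphabet is an assumption about 'page'.
function load_page_safe(PDO $db, array $get) {
    $page = isset($get['page']) ? $get['page'] : '';
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $page)) {
        return null;
    }
    $stmt = $db->prepare("SELECT id, title, content FROM pages WHERE slug = ?");
    $stmt->execute(array($page));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row : null;
}

// Same treatment for the login path: 'username' is bound, never concatenated,
// and the password is checked against the stored hash in PHP, not inside SQL.
function authenticate_safe(PDO $db, array $post) {
    $username = isset($post['username']) ? $post['username'] : '';
    $password = isset($post['password']) ? $post['password'] : '';
    $stmt = $db->prepare("SELECT id, password_hash FROM users WHERE username = ?");
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Connection used by the functions above (DSN and credentials are placeholders).
function connect() {
    $db = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8', 'DB_USER', 'DB_PASSWORD');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Turn off client-side emulation so the server itself keeps query text
    // and parameter values apart.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $db;
}
```

The fix is the prepared statement, not the regular expression: the whitelist narrows what reaches the database and gives a cheap place to log rejected input, but a parameter that must accept arbitrary text (a username, say) is still safe once it is bound rather than spliced into the query string.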

Proof of Concept
Disclosure Timeline
05.03.2015 Vulnerability discovered.
05.03.2015 Vendor contacted.
06.03.2015 Vendor responds asking for more details.
06.03.2015 Sent details to the vendor.
07.03.2015 Vendor promises fix soon.
10.03.2015 Vendor releases patched version.
10.03.2015 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
10.03.2015 Initial release
11.03.2015 Added references [4], [5], [6] and [7]
13.03.2015 Added reference [8]
24.03.2015 Added references [9] and [10]