web@all CMS 2.0 (_order) SQL Injection Vulnerability


Vendor: web@all
Product web page: http://www.webatall.org
Affected version: 2.0

Summary: web@all is a PHP content management system (CMS). If you
know about it,you nearly can use it to do anything.

Desc: The application suffers from an SQL Injection vulnerability.
Input passed via the GET parameter '_order' is not properly sanitised
before being returned to the user or used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2012-5099
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5099.php


21.08.2012

---


http://localhost/webatall/sys/index.php?_key=author&_order=1[SQL ATTACK QUERY]&_text[status]=-1&_type[]=0&mod=article