Product
Elxis Content Management System
Vulnerable Versions
All versions to 2006.4 of the Elxis CMS.
Vendor Status
The Vendor was notified and the issue fixed.
A patch can be found at:
http://www.elxis.org/index.php?option=com_mtree&task=viewlink&link_id=98&Itemid=140
Details
The banner module of the Elxis Content Management System is vulnerable to an
SQL injection. The module keeps track of already displayed banners and stores
their ID's in a cookie named `mb_tracker'. The cookie value is then used in
an SQL query to get the next, not yet shown banner.
Impact
By modifying the cookie value, an attacker might be able to execute SQL
queries.
Exploit
No exploit required.
Copyright (C) Nico Leidecker 2007 <[email protected]>.
Permission is hereby granted for the electronic redistribution of this informa-
tion. It is not to be edited or altered in any way without the express written
consent of the author.
The information herein contained may change without notice. Use of this infor-
mation constitutes acceptance for use in an AS IS condition. There are NO war-
ranties, implied or otherwise, with regard to this information of its use. Any
use of this information is at the user's risk. In no event shall the au-
thor/distributor be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!
Mehr Infos unter http://produkte.web.de/club/?mc=021131