Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19544
HistoryApr 01, 2008 - 12:00 a.m.

cevado technologies real estate CMS SQL injection

2008-04-0100:00:00
vulners.com
31
JSON

I'm back, and I got more.
SQL injection within some real estate CMS software.

The vulnerability is present because of a failure to strip characters from the variables page_id and site_id resulting in
exploitation by some simple blind SQLI.

heres an example:

www.example.com/index.php?site_id=null%20union%20all%20select%20username,password,3,4,5,6%20from%20users/*

The number of columns varies slightly, but you can always use good old 'order by' to find that out. The table names
remain the same.

I used the GET'd variable site_d, but page_id works as well.

Cevado.com notified, no patch.

Happy hunting.

JSON