. PRODUCT : Construtiva CIS Manager
. TYPE : SQLi http://site/autenticar/lembrarlogin.asp (POST email)
. CVE : CVE-2014-3749
. The CIS Manager platform is a complete and powerful tool to manage
sites and corporate portals on the Internet. The platform components
bring autonomy to your company to manage the content (structure,
texts, images, downloadable files, articles, news…) without the need
of a developer.
(...)
2014-05-16
. SQL injection using POST parameters:
URL: http://site/autenticar/lembrarlogin.asp
TYPE: error-based
PARAM: email
PAYLOAD: email=xxx' AND (...)
2014-04-16: Vendor notification.
2014-04-26: No response. Vendor notification again.
2014-05-10: No response. Vendor notification again.
2014-05-16: Public disclosure.
Thiago C.
edge () bitmessage.ch