ITAS Team found out a SQL Injection vulnerability in articleFR CMS

ITAS Team found out a SQL Injection vulnerability in articleFR CMS. The issue is due to the some scripts not properly sanitizing user-supplied input-data. This may allows remote attackers to execute arbitrary SQL commands via that parameter…

Individuals and organizations are using this CMS should note and give the solution to fix this issue.

Vulnerability information:
– Vulnerability: SQL Injection
– Vendor: http://freereprintables.com
– Download link: https://github.com/articlefr/articleFR
– Affected version: version 3.0.5
– CVE ID: CVE-2015-1364
– Author: Tran Dinh Tien (tien.d.tran@itas.vn) & ITAS Team (www.itas.vn)

::VULNERABILITY DETAIL::
+ REQUEST:
POST /articlefr/register/ HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target.org/articlefr/register/
Cookie: _ga=GA1.2.884814947.1419214773; __unam=bd22dea-14a6fcadd31-42cba495-31; GEAR=local-5422433b500446ead50002d4; PHPSESSID=8a9r8t1d5g9veogj6er9fvev63; _gat=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 103

username=[SQL INJECTION HERE]&email=test2%40itas.vn&name=test&password=123123&submit=register

Information disclosure:
+ 12/09/2014: Contact to vendor – vendor did not reply
+ 12/11/2014: Contact to vendor – vendor did not reply
+ 12/22/2014: Contact to vendor – vendor replied
+ 12/23/2014: Send the detail vulnerability to vendor – vendor did not reply
+ 01/21/2015: Public information

References:
– http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1364
– http://www.exploit-db.com/exploits/35857/
– http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1364
– http://seclists.org/fulldisclosure/2015/Jan/81

Demonstration video

/ Blog / Tags: ,

Share the Post