
Re: SQL injection vulnerability in 360 Web Manager



Already discovered 01/2008.

http://packetstormsecurity.org/0801-exploits/360-sql.txt 
904cc6b6c4da1afe893909ea684ba118 360 Web Manager version 3.0 suffers from a SQL 
injection vulnerability.  Authored By Ded MustD!e (innos_got[at]rambler.ru)

On Tue, May 25, 2010 at 07:47:45PM +0200, advisory@xxxxxxxxxxx wrote:
> Vulnerability ID: HTB22379
> Reference: 
> http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_360_web_manager_1.html
> Product: 360 Web Manager
> Vendor: 360 Web Manager
> Vulnerable Version: 3.0
> Vendor Notification: 10 May 2010 
> Vulnerability Type: SQL Injection
> Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
> Risk level: Medium 
> Credit: High-Tech Bridge SA (http://www.htbridge.ch/) 
> 
> Vulnerability Details:
> The vulnerability exists due to failure in the 
> "/adm/content/webpages/webpages-form-led-edit.php" script to properly 
> sanitize user-supplied input in "IDFM" variable. Attacker can alter queries 
> to the application SQL database, execute arbitrary queries to the database, 
> compromise the application, access or modify sensitive data, or exploit 
> various vulnerabilities in the underlying SQL database.
> 
> Attacker can use browser to exploit this vulnerability. The following PoC is 
> available: 
> 
> http://host/adm/content/webpages/webpages-form-led-edit.php?IDFM=-1+ANY_SQL_HERE+--+
> 
>
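
A log check for the condition the advisory describes, as an added example that is not part of the original thread or the advisory: it flags access-log requests to the affected script whose `IDFM` value is not a plain integer. It assumes a legitimate `IDFM` is a non-negative numeric id and that logs use the common/combined format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter name are taken from the advisory.
VULN_PATH = "/adm/content/webpages/webpages-form-led-edit.php"
PARAM = "IDFM"

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate IDFM is a plain non-negative integer id.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_idfm(log_line):
    """Return the decoded IDFM value when the line is a request to the
    affected script with a non-integer IDFM, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if unquote(url.path) != VULN_PATH:
        return None
    # parse_qs decodes '+' and %XX, so encoded values are normalised
    # before the integer check. POST bodies are not in access logs.
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_idfm(line)) is not None]


# Constructed sample log (documentation IP range, placeholder payload text).
P = "/adm/content/webpages/webpages-form-led-edit.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [25/May/2010:19:50:01 +0200] "GET {P}?IDFM=12 HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [25/May/2010:19:51:17 +0200] "GET {P}?IDFM=-1+ANY_SQL_HERE+--+ HTTP/1.1" 200 734',
    f'192.0.2.44 - - [25/May/2010:19:51:30 +0200] "GET {P}?IDFM=7%20ANY_SQL_HERE HTTP/1.1" 200 734',
    '192.0.2.10 - - [25/May/2010:19:52:02 +0200] "GET /index.php?IDFM=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-integer {PARAM} value {value!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) while the product remains unpatched.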