SmartCMS SQL injection and Cross-Site Scripting

Release date:
Updated on: 2012-4 4

Affected Systems:
Smartcms
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56760

SmartCMS content management system, rich functional models include articles, images, downloads, Q & A, forums/messages, site surveys, links, advertising systems, user-defined models, and Custom forms.

Some script files in SmartCMS do not effectively check and filter their parameters, resulting in SQL injection and cross-site scripting vulnerabilities, these vulnerabilities allow attackers to steal cookie authentication creden。, corrupt applications, access or modify data, and exploit other vulnerabilities in lower-layer databases.

<* Source: Pr0T3cT10n (pr0t3ct10n@gmail.com)
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

SQL-injection:

Http://www.example.com/index.php? Menuitem = 29 + AND + 1 = 2 + UNION + ALL + SELECT + version ()--

Cross-site scripting:

Http://www.example.com/index.php? Menuitem = 26 & amp; domeinvraag = & amp; lt; script & amp; gt; alert (1); & amp; lt;/script & amp; gt; & amp; aktie = Zoek & amp; idx = 23

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Enable the web application firewall to filter dangerous parameters, such as "select", ";", and.
* Or stop using SmartCMS.

Vendor patch:

Smartcms
--------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Www. smartcms. cc