Release date:
Updated on:
Affected Systems:
TAGWORX.CMS
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55570
TAGWORX.CMS is a content management system.
Input passed via the "cid" parameter to gallery.php (when "pid" is set) is not properly filtered before being used in SQL queries, so the queries can be manipulated by injecting arbitrary SQL code.
<* Source: Crim3R
Link: http://secunia.com/advisories/50543/
http://packetstormsecurity.org/files/116370/TAGWORX.CMS-SQL-Injection.html
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
========================================
SQLi
[+] gallery.php?cid=[id][sqli]&pid=[id]
D3m0:
Http://www.dr-schratzlseer.de/gallery.php? Cid = 124 '& pid = 124
Http://www.weingut-muenchen.de/gallery.php? Cat_id = 17 & cid = '& pid = & img = 1
Http://www.lebenstanz.com/gallery.php? Cid = 124 '& pid = 124
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TAGWORX.CMS
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.tagworx.net/
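
The flaw class described above (the `cid` and `pid` request parameters reaching a SQL query unfiltered) is closed by strict integer validation plus bound parameters. The following PHP is an added example, not TAGWORX.CMS code or the vendor's patch; the `images` table, its columns and the function names `read_id` and `fetch_images` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical schema and function names, not TAGWORX.CMS code.
declare(strict_types=1);

/** Return a positive integer id from the request array, or null if invalid. */
function read_id(array $query, string $name): ?int
{
    // FILTER_VALIDATE_INT rejects missing values, arrays, trailing quotes
    // and any non-numeric suffix instead of silently truncating them.
    $value = filter_var(
        $query[$name] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $value === false ? null : $value;
}

/** Fetch gallery images; ids are bound as integers, never concatenated. */
function fetch_images(PDO $db, array $query): array
{
    $cid = read_id($query, 'cid');
    $pid = read_id($query, 'pid');
    if ($cid === null || $pid === null) {
        return []; // reject before the database is touched
    }
    // Unsafe pattern of the kind the advisory describes (do not use):
    //   "... WHERE cid = " . $_GET['cid'] . " AND pid = " . $_GET['pid']
    $stmt = $db->prepare(
        'SELECT file FROM images WHERE cid = :cid AND pid = :pid'
    );
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->bindValue(':pid', $pid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (cid INTEGER, pid INTEGER, file TEXT)');
$db->exec("INSERT INTO images VALUES (124, 124, 'a.jpg'), (7, 7, 'b.jpg')");

// Constructed inputs: a well-formed request, then two malformed cid values.
var_dump(fetch_images($db, ['cid' => '124', 'pid' => '124']));
var_dump(fetch_images($db, ['cid' => "124'", 'pid' => '124']));
var_dump(fetch_images($db, ['cid' => '124 OR 1=1', 'pid' => '124']));
```

In a real handler, `$_GET` would be passed as `$query`; an empty result for a malformed id is also a useful point to log the request for review.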