FYI - Found possible new CMSMS Vulnerability
Posted: Wed Jan 02, 2008 3:15 pm
http://secwatch.org/advisories/1019900/
Bugtraq ID: BID#27074
Description:
An input validation vulnerability in the TinyMCE module for CMS Made Simple has been reported, which can be exploited by remote users to conduct SQL injection attacks.
User-supplied input passed to the "templateid" parameter in the modules/TinyMCE/content_css.php script is not correctly sanitised before being used in a SQL query. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.
Affected:
CMS Made Simple version 1.2.2. Other versions may also be affected.
Proof of Concept:
SQL Injection:
http://[target]/modules/TinyMCE/content_css.php?templateid=[SQL]
Solution:
There was no vendor-supplied solution at the time of entry.
Edit source code manually to ensure user-supplied input is correctly sanitised.
Filter malicious characters and character sequences via an HTTP proxy or firewall with URL filtering capabilities.
Credits:
EgiX
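
The manual fix named under "Solution", sketched as an added example that is not part of the original post and is not CMS Made Simple code: accept "templateid" only as a plain positive integer, then bind it instead of concatenating it into the query. The PDO/SQLite backend, the `demo_templates` table, its columns and both function names are assumptions made for the demo.

```php
<?php
// Added example: hypothetical handler, not the CMS Made Simple source.
// Table, column and function names are constructed for this demo.

/** Return the id as an int, or null if the raw value is not a plain positive integer. */
function parse_template_id($raw): ?int
{
    // Missing values and arrays (templateid[]=1) are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up the stylesheet with a bound parameter; null when no row matches. */
function fetch_stylesheet(PDO $db, int $templateId): ?string
{
    // The value is bound as an integer, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT css_text FROM demo_templates WHERE template_id = :id');
    $stmt->bindValue(':id', $templateId, PDO::PARAM_INT);
    $stmt->execute();
    $css = $stmt->fetchColumn();
    return $css === false ? null : $css;
}

// Constructed in-memory database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_templates (template_id INTEGER PRIMARY KEY, css_text TEXT)');
$db->exec("INSERT INTO demo_templates VALUES (1, 'body { color: #333; }')");

// Constructed sample inputs: one valid id, one unknown id, then values that must be rejected.
$samples = ['1', '2', '1 OR 1=1', "1'", '', '-1', ['1']];
foreach ($samples as $raw) {
    $id = parse_template_id($raw);
    $shown = json_encode($raw);
    if ($id === null) {
        echo "$shown -> rejected (respond 400)\n";
        continue;
    }
    $css = fetch_stylesheet($db, $id);
    echo "$shown -> " . ($css ?? 'not found (respond 404)') . "\n";
}
```

The same integer-only rule is what a proxy or URL filter should enforce for this parameter, since an allowlist of digits is easier to get right than a list of characters to block.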