Selfcomposer CMS Critical Vulnerability

I have been in contact with the staff of the company and they fixed the vulnerabilities. Now the CMS is safe from any type of attack. I must also say that they are a very kind and qualified team… Finally, it has been a pleasure to work with them.

SelfComposer is an Italian content management system (CMS). This CMS has won many awards in the last few years; I'm sincerely shocked by that, because it's affected by several SQL injection vulnerabilities.

I found this vulnerability because I'm looking to buy a secure CMS for my new site… I don't much like the idea that the first lamer in the world could deface my domain. So I suggest you be careful when you look for things like CMSs, scripts and so on.

======{ Advisory 14/5/2010 }======

SQL injection vulnerability in SelfComposer CMS

Vendor's Description of Software:
# http://www.selfcomposer.it
Dork:
allinurl:"prodotti.asp?idpadrerif="
Application Info:
Name: SelfComposer
Vulnerability Info:
Type: SQL injection Vulnerability
Risk: High
Fix:
Fixed
Time Table:
06/05/2010 - Vendor notified.

Additional Info:
Input passed via the "idprod", "idpadrerif", "idreferenza" and "idpadrerifIstituzionali"
parameters is not properly sanitised before being used in an SQL query.
Solution:
Input validation of "idprod", "idpadrerif", "idreferenza", "idpadrerifIstituzionali"
parameters should be corrected.
Vulnerability:
# http://[site]/scheda.asp?idprod=[SQLi]&idpadrerif=[SQLi]
# http://[site]/schedaistituzionale.asp?idreferenza=[SQLi]&idpadrerifIstituzionali=[SQLi]
Credit:
Discovered By: Locu
Website: https://xlocux.wordpress.com
Contacts: xlocux[-at-]gmail.com

============ {EOF} =============
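The fix the advisory asks for (strict validation of the numeric id parameters, followed by a parameterized query) as an added example in Python; this is not SelfComposer's own code, which is classic ASP, and the table and column names are assumed.

```python
import re
import sqlite3

# Constructed sample data standing in for the CMS product table.
# Assumption: the real SelfComposer schema is not on the page.
SAMPLE_ROWS = [
    (1, 10, "Sedia"),
    (2, 10, "Tavolo"),
    (3, 11, "Lampada"),
]


def make_db():
    """Build an in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE prodotti (idprod INTEGER, idpadrerif INTEGER, nome TEXT)"
    )
    conn.executemany("INSERT INTO prodotti VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


# Whitelist: the id parameters are numeric keys, so only digits are accepted.
_ID_RE = re.compile(r"^[0-9]{1,9}$")


def parse_id(raw):
    """Return the query-string id as an int, or raise ValueError for anything
    that is not a plain positive integer (quotes, spaces, keywords, None)."""
    if raw is None or not _ID_RE.match(raw):
        raise ValueError("invalid id parameter: %r" % (raw,))
    return int(raw)


def scheda(conn, idprod_raw, idpadrerif_raw):
    """Hardened lookup for scheda.asp?idprod=...&idpadrerif=...: the values
    never reach the SQL text; they are bound as parameters."""
    idprod = parse_id(idprod_raw)
    idpadrerif = parse_id(idpadrerif_raw)
    cur = conn.execute(
        "SELECT idprod, idpadrerif, nome FROM prodotti "
        "WHERE idprod = ? AND idpadrerif = ?",
        (idprod, idpadrerif),
    )
    return cur.fetchall()


def scheda_safe(conn, idprod_raw, idpadrerif_raw):
    """Request-handler style wrapper: ("ok", rows) or ("rejected", []) so bad
    input is answered with an error page instead of reaching the database."""
    try:
        return "ok", scheda(conn, idprod_raw, idpadrerif_raw)
    except ValueError:
        return "rejected", []
```

In classic ASP the same binding is done with an ADODB.Command object and CreateParameter rather than concatenating Request.QueryString values into the SQL string.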
