Jump to content
drgs

Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties

Recommended Posts

Posted
Google dork:"Powered by AMCMS3"

Remote File Inclusion
---------------------
It is possible for a remote attacker to include a file from local or
remote resources and/or execute arbitrary script code with the
privileges of the webserver.

Proof of Concept:

index.php?loadpage=../../../../file
index.php?loadpage=[evilscript]

Solution:

Edit the source code to ensure that input is properly validated. Where
is possible, it is recommended to make a list of accepted filenames
and restrict the input to that list.

For PHP, the option allow_url_fopen would normally allow a programmer
to open, include or otherwise use a remote file using a URL rather
than a local file path. It is recommended to disable this option from
php.ini.


SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable
system. This may compromise the integrity of your database and/or
expose sensitive information.

Proof of Concept:

index.php?blockpage=%2E%2Findex%2Ephp
%3Fblockpage%3D1%26cat%3D&cat=[SQL Injection]
index.php?blockpage=%2E%2Findex%2Ephp
%3Fblockpage%3D1%26cat%3D&cat='


Solution:

Your script should filter metacharacters from user input.


Vendor was contacted by email and didn't not replied.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...