New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Subrion cms 4.1.4 sql injection in /front/actions.php #480
Comments
|
Hello @jgj212! Many thanks for the report. Fix provided and the critical upgrade patch has been released. It's automatically installed on each script and provides this fix to the script. |
|
1.SUBRION CMS multiple vulnerabilties vendor: www.subrion.com Author: Karthik R (3psil0nLambDa) Email: [email protected]<SCRIPT type=text/javascript> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l=document.getElementById("cf_email");a=l.className;if(a){s=;r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </SCRIPT>My blog: epsilonlambda.co.cc Google dork: © 2011 Powered by Subrion CMS Description about the CMS Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrions highly scalable set of key features makes it a powerful platform for web sites. Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry level sites, mid-sized or large sites. You can be confident that you will be able to invest in this system and continue to grow it to any possible level.
The attackers can use the authentication bypass to get in to the admin panel in the site. Exploit: Username: or 0=0 #
The Poll module,Manage pages are vulnerable to persistent XSS in the title field. Exploit: "><IFRAME SRC="javascript:alert(XSS);"></IFRAME>
1.SUBRION CMS multiple vulnerabilties vendor: www.subrion.com Author: Karthik R (3psil0nLambDa) Email: [email protected]<SCRIPT type=text/javascript> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l=document.getElementById("cf_email");a=l.className;if(a){s=;r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </SCRIPT>My blog: epsilonlambda.co.cc Google dork: © 2011 Powered by Subrion CMS Description about the CMS Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrions highly scalable set of key features makes it a powerful platform for web sites. Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry level sites, mid-sized or large sites. You can be confident that you will be able to invest in this system and continue to grow it to any possible level.
The attackers can use the authentication bypass to get in to the admin panel in the site. Exploit: Username: or 0=0 #
The Poll module,Manage pages are vulnerable to persistent XSS in the title field. Exploit: "><IFRAME SRC="javascript:alert(XSS);"></IFRAME>
1.SUBRION CMS multiple vulnerabilties vendor: www.subrion.com Author: Karthik R (3psil0nLambDa) Email: [email protected]<SCRIPT type=text/javascript> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l=document.getElementById("cf_email");a=l.className;if(a){s=;r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </SCRIPT>My blog: epsilonlambda.co.cc Google dork: © 2011 Powered by Subrion CMS Description about the CMS Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrions highly scalable set of key features makes it a powerful platform for web sites. Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry level sites, mid-sized or large sites. You can be confident that you will be able to invest in this system and continue to grow it to any possible level.
The attackers can use the authentication bypass to get in to the admin panel in the site. Exploit: Username: or 0=0 #
The Poll module,Manage pages are vulnerable to persistent XSS in the title field. Exploit: "><IFRAME SRC="javascript:alert(XSS);"></IFRAME>
1.SUBRION CMS multiple vulnerabilties vendor: www.subrion.com Author: Karthik R (3psil0nLambDa) Email: Karthik.cupid@gmail.com<SCRIPT type=text/javascript> /* <![CDATA[ */ (function(){try{var s,a,i,j,r,c,l=document.getElementById("cf_email");a=l.className;if(a){s=;r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); /* ]]> */ </SCRIPT>My blog: epsilonlambda.co.cc Google dork: © 2011 Powered by Subrion CMS Description about the CMS Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrions highly scalable set of key features makes it a powerful platform for web sites. Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry level sites, mid-sized or large sites. You can be confident that you will be able to invest in this system and continue to grow it to any possible level.
The attackers can use the authentication bypass to get in to the admin panel in the site. Exploit: Username: or 0=0 #
The Poll module,Manage pages are vulnerable to persistent XSS in the title field. Exploit: "><IFRAME SRC="javascript:alert(XSS);"></IFRAME>
1.SUBRION CMS multiple vulnerabilties Description about the CMS Subrion CMS unites the functionality of articles script, auto classifieds script, realty classifieds script, and web directory script all in one package. Subrions highly scalable set of key features makes it a powerful
The attackers can use the authentication bypass to get in to the admin panel in the site. Exploit: Username: or 0=0 #
The Poll module,Manage pages are vulnerable to persistent XSS in the title field. Exploit: "><IFRAME SRC="javascript:alert(XSS);"></IFRAME>
|
|
All these reports have been fixed and released in our latest version. So there is no known issues in our Subrion 4.1.5.20 version. Thanks |
Subrion cms 4.1.4 sql injection in /front/actions.php
description
Subrion cms 4.1.4 has a sql injection because $POST
details
critical code in /front/actions.php, $POST is passed to deleteUploadedFile with no checking
deleteUploadedFile in /includes/classes/ia.core.field.php:
There is a checking "checkOwnership", it means that anonymous user will be blocked as "return false", but any registered user will continue. So $fileName will be passed to row, and it is from $_POST['field'].
the row function has the code, it purpose is to construct sql statement and excute with no checking:
So there is a post-type sql injection, because this sql injection has no echo, we can use time-based sql injection to test with a normal user account.
sleep(0)
url: http://localhost/subrion/actions.json

postdata: action=delete-file&item=members&itemid=1&field=email
or sleep(0) ,username&file=123time-echo:
sleep(3)
url: http://localhost/subrion/actions.json

postdata: action=delete-file&item=members&itemid=1&field=email
or sleep(3) ,username&file=123time-echo:
Credit: ADLab of VenusTech
The text was updated successfully, but these errors were encountered: