DigiTrust Assurance

The DigiTrust Group: Advisory #080902a - Pligg CMS Multiple SQL Injection Vulnerabilities

Product:
Pligg CMS v9.9.5
Older versions likely affected as well

Credits:
Omer Singer
The DigiTrust Group
http://www.digitrustgroup.com
September 2, 2008

Risk Level:
HIGH

Program Summary:
Pligg is a PHP-based Content Management System designed to enable users to share and discuss news articles. In many implementations, anonymous registration is sufficient for content submission.
http://www.pligg.com/

SQL Injection Vulnerability:
Input passed to submit.php via the "category" and "id" parameters is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Proof of Concept Code:
On page 2 of the new story submission process, submit SQL code to the "id" or "category" parameters via a client-side web proxy. Injection on the "id" parameter returns the following error message:
Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' CODE AND `link_author` = 3 ORDER BY `link_date` DESC LIMIT 1' at line 1 in...

Vendor Solution:
Fixed in SVN
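
One way to handle the two parameters safely, shown as an added example (it is not Pligg's code and not the fix committed to SVN). It assumes "id" and "category" are numeric identifiers; the table name links, the columns other than link_author and link_date (which appear in the error message above), and the function names are hypothetical.

```php
<?php
// Added example: hypothetical handler, not Pligg's code. The table name
// `links` and the columns link_id / link_category are assumptions;
// link_author and link_date come from the error message in the advisory.

function parse_id($raw): ?int
{
    // Accept only a plain positive decimal integer; anything else is rejected.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_draft(PDO $db, $rawId, $rawCategory, int $authorId): ?array
{
    $id = parse_id($rawId);
    $category = parse_id($rawCategory);
    if ($id === null || $category === null) {
        return null; // reject the request before any SQL is built
    }
    // Values are bound as parameters, never concatenated into the statement.
    $stmt = $db->prepare(
        'SELECT link_id, link_category FROM links
         WHERE link_id = :id AND link_category = :cat AND link_author = :author
         ORDER BY link_date DESC LIMIT 1'
    );
    $stmt->execute([':id' => $id, ':cat' => $category, ':author' => $authorId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (link_id INTEGER, link_category INTEGER,
                               link_author INTEGER, link_date TEXT)');
$db->exec("INSERT INTO links VALUES (12, 4, 3, '2008-09-02')");

var_dump(find_draft($db, '12', '4', 3));      // constructed well-formed request
var_dump(find_draft($db, '12 CODE', '4', 3)); // constructed malformed "id" value
```

Validation and binding are both applied on purpose: the type check rejects malformed requests early, and the bound parameters keep the statement text fixed even if a check is later loosened.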

Copyright (c) 2008 The DigiTrust Group.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of The DigiTrust Group.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use on an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

 




