HackDig : Dig high-quality web security articles for hackers

Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities

2015-04-08 04:30
Title: Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities
Advisory ID: ZSL-2015-5238
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 07.04.2015
Summary
Balero CMS is an open source project that can help you manage the page of your company with just a few guided steps, minimizing the costs that many companies make to have your advertising medium and/or portal.
Description
The application suffers from multiple blind SQL injection vulnerabilities: input passed via several POST parameters in the affected modules is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Vendor
BaleroCMS Software - http://www.balerocms.com
Affected Version
0.7.2
Tested On
Apache 2.4.10 (Win32)
PHP 5.6.3
MySQL 5.6.21
Vendor Status
[04.03.2015] Vulnerabilities discovered.
[13.03.2015] Contact with the vendor.
[13.03.2015] Vendor responds asking more details.
[14.03.2015] Sent details to the vendor.
[15.03.2015] Vendor confirms issues, working on fix.
[15.03.2015] Vendor schedules patch release date.
[03.04.2015] Asked vendor for status update.
[03.04.2015] Vendor finishing core update, preparing patch.
[05.04.2015] Vendor releases version 0.8.3 to address these issues.
[07.04.2015] Coordinated public security advisory released.
PoC
balerocms_bsqli.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.balerocms.com/blog/main/id-190
[2] http://www.balerocms.com/blog/main/id-193
[3] https://github.com/neblina-software/balerocms-src/releases
[4] http://packetstormsecurity.com/files/131323
Changelog
[07.04.2015] - Initial release
[08.04.2015] - Added reference [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5238.php
