what you don't know can hurt you

FOOT Gestion CMS SQL Injection

FOOT Gestion CMS SQL Injection
Posted Dec 5, 2012
Authored by Emmanuel Farcy

FOOT Gestion CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c04d93814f479f921a7f5671334c4075

FOOT Gestion CMS SQL Injection

Change Mirror Download
Product: FOOT Gestion
Version: -
Vendor: Winsoft
Vendor site:http://www.footgestion.ch
Status: fixed
Level: High


=========
Description
=========
FOOT Gestion is a soccer team management CMS. The solution is based on a
software and a CMS website.
The website module is affected by a SQL injection vulnerability.


=========
Details
=========
The vulnerable page is "index.php?page=contacter&id=1"
Due to an improproper sanitization, field 'id' can be use in order to
inject custom SQL request


=========
Example
=========
http://target/index.php?page=contacter.php&id=-1 union select 1,2--%20


=========
Solution
=========
This vulnerability is fixed.
For websites which are hosting by the vendor, the fixe was already deployed.

If you hosting this by your own way, you may contact the vendor for getting
the fix.



Timeline
=========
19/09/2012: vulnerability discovered
27/09/2012: answer from vendor after several no responses
04/10/2012: Fixed and begin to be deployed
05/12/2012: Advisory publish
Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close